
Severity
Medium
Analysis Summary
CVE-2021-23839
OpenSSL could provide weaker than expected security because its SSLv2 rollback protection is implemented incorrectly: the logic of a padding check is inverted. If the server is configured for SSLv2 support at compile time, configured for SSLv2 support at runtime or configured for SSLv2 ciphersuites, it will accept a connection if a version rollback attack has occurred and erroneously reject a connection if a normal SSLv2 connection attempt is made.
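The inverted padding check described in the summary, shown beside the intended decision as an added illustration in C (not OpenSSL's code and not part of the advisory). It assumes the rollback marker is the eight 0x03 bytes a TLS-capable client writes at the end of the PKCS#1 v1.5 padding when it falls back to SSLv2; the function names and sample blocks are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#define MARK_LEN 8  /* a TLS-capable client sets the last 8 padding bytes to 0x03 */
enum verdict { ACCEPT, REJECT_ROLLBACK, REJECT_MALFORMED };

/* Constructed decrypted blocks: 00 02 | non-zero padding | 00 | key bytes */
static const unsigned char PLAIN_V2[20] = {    /* genuine SSLv2-only client */
    0x00, 0x02, 0xa1, 0x5c, 0x77, 0x19, 0xe2, 0x4b, 0x90, 0x3d, 0x6f, 0x28,
    0x00, 'k', 'e', 'y', 'd', 'a', 't', 'a' };
static const unsigned char DOWNGRADED[20] = {  /* newer client forced to SSLv2 */
    0x00, 0x02, 0xa1, 0x5c, 0x77, 0x19, 3, 3, 3, 3, 3, 3, 3, 3,
    0x00, 'k', 'e', 'y', 'd', 'a' };

/* Count 0x03 in the 8 bytes before the separator; -1 if malformed. Not constant-time. */
static int count_marker(const unsigned char *em, size_t len)
{
    size_t sep = 2, i;
    int threes = 0;
    if (len < 2 + MARK_LEN + 1 || em[0] != 0x00 || em[1] != 0x02)
        return -1;
    while (sep < len && em[sep] != 0x00)
        sep++;
    if (sep == len || sep < 2 + MARK_LEN)
        return -1;
    for (i = sep - MARK_LEN; i < sep; i++)
        threes += (em[i] == 0x03);
    return threes;
}

/* Intended check: the marker on an SSLv2 handshake means a downgrade. */
enum verdict check_intended(const unsigned char *em, size_t len)
{
    int n = count_marker(em, len);
    return n < 0 ? REJECT_MALFORMED : n == MARK_LEN ? REJECT_ROLLBACK : ACCEPT;
}

/* Inverted check, the behaviour the advisory describes. */
enum verdict check_inverted(const unsigned char *em, size_t len)
{
    int n = count_marker(em, len);
    return n < 0 ? REJECT_MALFORMED : n == MARK_LEN ? ACCEPT : REJECT_ROLLBACK;
}

int main(void)
{
    printf("v2 client: intended=%d inverted=%d; downgraded: intended=%d inverted=%d\n",
           check_intended(PLAIN_V2, 20), check_inverted(PLAIN_V2, 20),
           check_intended(DOWNGRADED, 20), check_inverted(DOWNGRADED, 20));
    return 0;
}
```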
Impact
Gain Access
Affected Vendors
OpenSSL
Affected Products
OpenSSL OpenSSL 1.0.2
Remediation
Refer to the OpenSSL Security Advisory for patch, upgrade or suggested workaround information.