
Rewterz Threat Advisory – CVE-2021-23839 – OpenSSL SSLv2 rollback protection weak security

Severity

Medium

Analysis Summary

CVE-2021-23839

OpenSSL could provide weaker than expected security because its SSLv2 rollback protection is implemented incorrectly: the logic of a padding check is inverted. If the server is configured for SSLv2 support at compile time, configured for SSLv2 support at runtime or configured for SSLv2 ciphersuites, it will accept a connection when a version rollback attack has occurred and erroneously reject a connection when a normal SSLv2 connection attempt is made.
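The inverted check described above, modelled as an added example (this is not OpenSSL's code and not part of the advisory). It assumes the standard rollback convention from RFC 2246 Appendix E.2, where a client that supports a newer protocol sets the last 8 bytes of the PKCS#1 v1.5 padding to 0x03; the function names and the sample block are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define MARKER_LEN 8 /* padding bytes a newer-than-SSLv2 client sets to 0x03 */

/* Inspect a decrypted PKCS#1 v1.5 type 2 block (00 02 PS 00 M). Returns 1 if the
 * last 8 bytes of PS are all 0x03, 0 if not, -1 if malformed. Not constant-time. */
int rollback_marker_present(const unsigned char *em, size_t len)
{
    size_t sep, i;
    if (len < 3 + MARKER_LEN || em[0] != 0x00 || em[1] != 0x02)
        return -1;
    for (sep = 2; sep < len && em[sep] != 0x00; sep++)
        ;
    if (sep == len || sep - 2 < MARKER_LEN)
        return -1; /* no separator, or padding too short */
    for (i = sep - MARKER_LEN; i < sep; i++)
        if (em[i] != 0x03)
            return 0;
    return 1;
}

/* Intended SSLv2 server check: the marker signals a rollback, so reject. */
int accept_intended(const unsigned char *em, size_t len)
{ return rollback_marker_present(em, len) == 0; }
/* The flaw as the advisory describes it: same test, sense inverted. */
int accept_inverted(const unsigned char *em, size_t len)
{ return rollback_marker_present(em, len) == 1; }

/* Constructed sample block; the 0x41 filler and the payload are made up. */
void build_block(unsigned char *em, size_t len, int newer_client)
{
    size_t sep = len - 11; /* 10-byte payload follows the 0x00 separator */
    em[0] = 0x00; em[1] = 0x02;
    memset(em + 2, 0x41, sep - 2);
    if (newer_client)
        memset(em + sep - MARKER_LEN, 0x03, MARKER_LEN);
    em[sep] = 0x00;
    memcpy(em + sep + 1, "master-key", 10);
}

int main(void)
{
    unsigned char em[64];
    for (int c = 0; c <= 1; c++) {
        build_block(em, sizeof em, c);
        printf("marker=%d intended=%d inverted=%d\n", c,
               accept_intended(em, sizeof em), accept_inverted(em, sizeof em));
    }
    return 0;
}
```

With the marker present the intended check rejects and the inverted one accepts; without it the results swap, which is the accept-on-rollback and reject-on-normal behaviour the summary describes.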

Impact

Gain Access

Affected Vendors

OpenSSL

Affected Products

OpenSSL OpenSSL 1.0.2

Remediation

Refer to OpenSSL Security Advisory for patch, upgrade or suggested workaround information. 

OpenSSL Security Advisory