Apple's ECDHE-ECDSA SecureTransport bug

2015.05.22

Credit: Jeffrey Walton

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Does anyone know if Apple's ECDHE-ECDSA SecureTransport bug was assigned a CVE? It affected OS X and iOS.
Effectively, the bug was an implementation error that cause interoperability failures. To mostly counter it, the cipher suites had to be disabled, which resulted in a loss of security. If the person experiencing it did not know the cause, then they were left with a Denial of Service (DoS).
To be clear, this was a different bug than CVE-2015-1130 (Goto Fail).
Also see SSL_OP_SAFARI_ECDHE_ECDSA_BUG on the OpenSSL wiki
(http://wiki.openssl.org/index.php/SSL_OP_SAFARI_ECDHE_ECDSA_BUG).

References:

http://wiki.openssl.org/index.php/SSL_OP_SAFARI_ECDHE_ECDSA_BUG

http://seclists.org/fulldisclosure/2015/May/94

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apple's ECDHE-ECDSA SecureTransport bug

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.