CVE-2013-2566

Priority
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
Notes
jdstrand: this is a protocol problem not specific to openssl. Using openssl
as a placeholder until more information is available
marking low for now until more information is available. At present,
naive attacks need tens to hundreds of millions of TLS connections. Optimized
attacks are not present yet.
marking deferred since there is no consensus on what to do (we can't
just disable RC4)
mdeslaur: marking as ignored since there is no actionable item
Package
Upstream: released (25.0.1)
Package
Upstream: needs-triage
Package
Upstream: released (24.1.1)
More Information

Updated: 2020-09-10 02:39:12 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)