Vigil@nce - IBM AIX : Man-in-the-Middle of bos.net.tcp
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-Middle against the bos.net.tcp
software of IBM AIX, in order to read or write data in the session.
Impacted products: AIX.
Severity: 2/4.
Creation date: 27/07/2016.
DESCRIPTION OF THE VULNERABILITY
The IBM AIX product uses the TLS protocol to create secure
sessions.
However, the default TLS version (1.0) used by bos.net.tcp
(client, server, imapd, pop3d and sendmail) is not the latest
available version (1.2), and TLS 1.0 is impacted by
Man-in-the-Middle attacks.
An attacker can therefore act as a Man-in-the-Middle against the
bos.net.tcp software of IBM AIX, in order to read or write data in
the session.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-AIX-Man-in-the-Middle-of-bos-net-tcp-20230