CVE-2020-1596

medium

Description

<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p>

References

https://www.tenable.com/blog/microsoft-s-september-2020-patch-tuesday-addresses-129-cves

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1596

Details

Source: Mitre, NVD

Published: 2020-09-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium