Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1468
Views
0
Helpful
2
Replies

TLS Session Renegotiation Vulnerability

Krishna Kumar konduri
Level 1
Level 1

‎09-05-2013 06:23 AM - edited ‎03-11-2019 07:34 PM

Hi Team,

We are trying to scan the ASA firewall and getting the below error. Is there any way to resolve this issue? Please sugget.

We did a security scan of Internal firewall and found one issue - "TLS

Session Renegotiation Vulnerability"


The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does

not properly associate renegotiation handshakes with an existing

connection, which allows man-in-the-middle attackers to insert data into

HTTPS sessions, and possibly other types of sessions protected by TLS or

SSL, by sending an unauthenticated request that is processed

retroactively by a server in a post-renegotiation context, related to a

"plaintext injection" attack

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Michael Muenz
Level 5
Level 5

‎09-06-2013 06:08 AM

It would be easier to search for a solution if theres a CVE ID available.

Perhaps it's solved with Interim 9.1.2?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
0 Helpful

mersnetadmin
Level 1
Level 1
In response to Michael Muenz

‎10-24-2018 08:44 AM

I believe the CVE is CVE-2009-3555

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card