TLS Downgrade Attack Vulnerability in Botan 1.11.x before 1.11.29

TLS Downgrade Attack Vulnerability in Botan 1.11.x before 1.11.29

CVE-2016-2850 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.