Skip to content

video not played or not found error
click on direct switch

Hosted by Dailymotion. For legal issues: Copyright Center · DMC · Instant Removal

CVE-2016-6304

T
teneciousD

6 Views • Oct 21, 2016

Description

This video shows a private tool exploiting a vulnerability in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a that allows a remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. When successfully exploited, this vulnerability causes the server to crash or slow down.

In this video the attack is launched against a test service run through "openssl s_server" but any TLS/SSL service using a vulnerable version of openssl is affected (exim, dovecot, sendmail, etc...)