Hello everyone,
in case you haven't already seen/read it yourselves, here [0] FYI
"CVE-2002-20001"
--> "... Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. ..."
Best regards
Bernd
[0] https://nvd.nist.gov/vuln/detail/CVE-2002-20001
Hello again everyone,
I forgot to include the link [0] to the PoC/repo.
Best regards
Bernd
[0] https://github.com/Balasys/dheater
rwth-security@lists.rwth-aachen.de