QwikSec

Security Database

CVE

CWE

Training

CVE-2016-3125

Published: Apr 5, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2016:1558

vendor-advisory

x_refsource_SUSE

FEDORA-2016-ac3587be9a

vendor-advisory

x_refsource_FEDORA

[oss-security] 20160311 Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters

mailing-list

x_refsource_MLIST

http://proftpd.org/docs/NEWS-1.3.6rc2

x_refsource_CONFIRM

FEDORA-2016-f95d8ea3ad

vendor-advisory

x_refsource_FEDORA

http://proftpd.org/docs/NEWS-1.3.5b

x_refsource_CONFIRM

FEDORA-2016-977d57cf2d

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2016:1334

vendor-advisory

x_refsource_SUSE

http://bugs.proftpd.org/show_bug.cgi?id=4230

x_refsource_CONFIRM

[oss-security] 20160311 ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.