VULHUB ™

A design error exists in some versions of OpenSSL that may lead to the disclosure of sensitive information. The problem exists because the SSL_connect() function, used to initiate the TLS/SSL handshake with a server, does not ensure that the underlying pseudo-random number generator is properly seeded before initiating a SSL connection. This may lead in the disclosure of sensitive information by applications using the OpenSSL toolkit if the random number generator is not initialized. This problem is known to affect qmail's unofficial 'tls.patch' patch, which fails to seed the random number generator.

A design error exists in some versions of OpenSSL that may lead to the disclosure of sensitive information. The problem exists because the SSL_connect() function, used to initiate the TLS/SSL handshake with a server, does not ensure that the underlying pseudo-random number generator is properly seeded before initiating a SSL connection. This may lead in the disclosure of sensitive information by applications using the OpenSSL toolkit if the random number generator is not initialized. This problem is known to affect qmail's unofficial 'tls.patch' patch, which fails to seed the random number generator.