Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-15069

Impact of LOGJAM TLS vulnerability on CB Server

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 3.1.0, 4.0.0
    • 2.5.1, 2.5.0, 2.5.2, 3.0, 3.0.1, 3.0.2, 3.0.3, 4.0.0
    • ns_server
    • Security Level: Public
    • Untriaged
    • Unknown

    Description

      There has been a new vulnerability (LOGJAM) discovered in SSL/TLS which allows an attacker to downgrade a connection to weak export-grade crypto and potentially read/modify data. See https://weakdh.org for the researchers' website detailing the vulnerability.

      We need to access the impact of this on the product, and determine what components need patching.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. MB-14772 3.1.0 Minor Release

          • Major - Major loss of function.
          • Resolved
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              ritam.sharma Ritam Sharma
              drigby Dave Rigby (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty