cvedb.io
CVE-2015-8960
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2016-09-21T02:59:00.133 · Last modified 2026-06-17T00:35:34.183

Summary

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Affected products

ietf — transport_layer_security

Does this affect you?

Add your gear to cvedb and we'll alert you only when ietf ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.