mono -- TLS bugs

Affected packages
mono < 3.10.1
3.12 <= mono < 3.12.1


VuXML ID c0cae920-c4e9-11e4-898e-90e6ba741e35
Discovery 2015-03-06
Entry 2015-03-07

The Mono project reports:

Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in SKIP-TLS post.

Mono’s implementation of SSL/TLS also contained support for the weak EXPORT cyphers and was susceptible to the FREAK attack.