none
Schannel and TLS 1.x padding vulnerability (CVE-2014-8730) RRS feed

  • Question

  • Hi all,

    Is the implementation of TLS by Microsoft Secure Channel (Schannel) (http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx) affected by "CVE-2014-8730 TLS 1.x padding vulnerability"?

    Please see the following links for more details about this vulnerability:

    • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
    • https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls


    Is there a confirmation from Microsoft that Schannel is not affected by this vulnerability?

    Regards,
    Sanjay



    • Edited by SanjayGBhat Thursday, January 8, 2015 10:52 AM
    Thursday, January 8, 2015 10:48 AM

Answers

All replies