The renegotiation process of the SSL encryption is vulnerable. It allows two negotiations to be handled by different parties. This leaves your data vulnerable to Man-In-The-Middle attacks.
Table of contents
Secure SSL Renegotiation Security Assessment
CVSS Vector: AV:N/AC:M/AU:N/C:N/I:P/A:P
Secure SSL Renegotiation Vulnerability Information
The renegotiation process of the SSL encryption is vulnerable. This allows two negotiations (one before the renegotiation and one after) to be handled by different parties. This leaves the data vulnerable to Man-In-The-Middle attacks.
How to Secure SSL Renegotiation
The problems in the renegotiation protocol have been fixed in the SSL implementations and do not appear in recent protocol versions. Therefore make sure that you use a Secure TLS Configuration and update OpenSSL to the latest version.