mirror of
https://github.com/signalwire/freeswitch.git
synced 2025-02-07 12:17:35 +00:00
19fc943f59
If an attacker can cause a device to make an authenticated request to a service via TLS while including a payload of the attacker's choice in that request, and if TLS compression is enabled, the attacker can uncover the plaintext authentication information by making a series of guesses and observing changes in the length of the ciphertext. This is CVE-2012-4929. FS-6360 --resolve Thanks-to: Brian West <brian@freeswitch.org>