CVE-2020-1596
MEDIUMWindows - Information Disclosure via Weak TLS Hash Algorithms
Title source: llmDescription
<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p>
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1596
Scores
CVSS v3
5.4
EPSS
0.0090
EPSS Percentile
54.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Details
CWE
CWE-327
Status
published
Products (19)
microsoft/windows_10
(2 CPE variants)
microsoft/windows_10
1607 (2 CPE variants)
microsoft/windows_10
1709
microsoft/windows_10
1803
microsoft/windows_10
1809
microsoft/windows_10
1903
microsoft/windows_10
1909
microsoft/windows_10
2004
microsoft/windows_7
(2 CPE variants)
microsoft/windows_8.1
(2 CPE variants)
... and 9 more
Published
Sep 11, 2020
Tracked Since
Feb 18, 2026