The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.

在 OpenSSL 1.0.2a 之前的版本中，s3_clnt.c 中的ssl3_client_hello 函数在进行握手之前并没有确保 PRNG 初始化。这使得远程攻击者更容易通过捕获网络数据并进行 dictionary-based 攻击来破坏加密保护机制。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）