Article - CS201024
Is Windchill affected by the FREAK SSL vulnerability ?
Modified: 03-Dec-2015
Applies To
- Windchill PDMLink 10.0 to 10.2
- OpenSSL
Description
- Is Windchill affected by the FREAK (Factoring RSA Export Keys) SSL vulnerability ?
- Does CVE-2015-0204 apply to Windchill ?
- The FREAK vulnerability applies to the way in which SSL clients communicate with the servers.
- Clients can be tricked via a Man-In-The-Middle attack to accept less secure Export Ciphers even if they were not requested
- The FREAK vulnerability affects many different implementations of SSL from many different vendors
- Each implementation will have a different CVE number.
- FREAK issues in OpenSSL are tracked through CVE-2015-0204
- FREAK may also apply to other SSL implementations used by the client to connect to Windchill (Operating Systems and Browsers)
This is a printer-friendly version of Article 201024 and may be out of date. For the latest version click CS201024