CVE-2014-1771 Information

Description

SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \triple handshake attack\ aka \TLS Server Certificate Renegotiation Vulnerability.\

Reference

http://www.securityfocus.com/bid/67861 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 https://secure-resumption.com/