|
|
|
|
|
|
by api
3604 days ago
|
|
|
Probably affects Android too since it uses the Linux kernel. Personally I consider this to be a mild to moderate vulnerability since under no circumstances should you ever trust a non-encrypted non-authenticated channel to be safe. TCP offers in-order delivery and decent integrity checking but otherwise offers absolutely no security guarantees at all. From a crypto point of view an authentication method like TCP sequence numbers should be considered "not even there." |
|
|
So you're saying you.. don't use TCP? That seems unlikely.
Someone using this vulnerability can prevent you from opening the encrypted authenticated channel you're trying to be safe with (by injecting RST). I don't see how you can call it mild.