CVE-2020-1596
Severity CVSS v4.0:
Pending analysis
Type:
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Publication date:
11/09/2020
Last modified:
23/02/2026
Description
A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users&#39;s encrypted transmission channel.<br />
To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.<br />
The update addresses the vulnerability by correcting how TLS components use hash algorithms.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
2.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:* | ||
| cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:* | ||
| cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:* | ||
| cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:* | ||
| cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page