French security researcher Antoine Delignat-Lavaud discovered the information disclosure problem (CVE-2014-3166) in SPDY, an open networking protocol that transports web content. According to the National Vulnerability Database, the Public Key Pinning (PKP) implementation in the browser on Windows, OS X, Linux and Android fails to consider the SPDY handler. This could allow attackers to obtain sensitive information by leveraging the use of multiple domain names.
The link for this article located at ThreatPost is no longer available.
