OpenSSL CCS Injection Vulnerability

A researcher reviewing the OpenSSL library has found another bug in the implementation.
This [vulnerability] can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server.
Pretty much all versions of OpenSSL from the last few years are affected.

Re: Not a Big One (Score: 1)

by on 2014-06-06 12:43 (#211)

Since the major browsers use something other than SSL, it's not a big deal as far as browser security goes. Some utilities (can) use OpenSSL, like wget, and anything secured using stunnel is vulnerable. My only worry is patching my mail servers, some of which talk to each other using TLS only and assume the connection is secure.
