OpenSSL CCS Injection Vulnerability

by
in security on (#3A6)
A researcher reviewing the OpenSSL library has found another bug in the implementation.
This [vulnerability] can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server.
Pretty much all versions of OpenSSL from the last few years are affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
https://www.openssl.org/news/secadv_20140605.txt

History

2014-06-05 19:22
OpenSSL CCS Injection Vulnerability
bryan@pipedot.org
A researcher reviewing the OpenSSL library has found another bug in the implementation.
This [vulnerability] can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server.
Pretty much all versions of OpenSSL from the last few years are affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
https://www.openssl.org/news/secadv_20140605.txt
Reply 0 comments