OpenSSL CCS Injection Vulnerability

by
in security on (#3NE)
A researcher reviewing the OpenSSL library has found another bug in the implementation.
This vulnerability can be exploited by a man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server.
Pretty much all versions of OpenSSL from the last few years are affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
https://www.openssl.org/news/secadv_20140605.txt

Not a Big One (Score: 0)

by Anonymous Coward on 2014-06-06 01:32 (#20Z)

If I understand correctly, this only applies to OpenSSL client to OpenSSL server communication, NOT browser to OpenSSL server (?).

So while huge for those who relied on it this way, the pool of vulnerability is smaller than Heartbleed.