OpenSSL CCS Injection Vulnerability

by
in security on (#3NE)
A researcher reviewing the OpenSSL library has found another bug in the implementation.
This vulnerability can be exploited through a man-in-the-middle (MITM) attack in which the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and a vulnerable server.
Pretty much all versions of OpenSSL from the last few years are affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
https://www.openssl.org/news/secadv_20140605.txt

Re: Not a Big One (Score: 1)

by tempest@pipedot.org on 2014-06-06 12:43 (#211)

Since the major browsers use something other than SSL, it's not a big deal as far as browser security goes. Some utilities (can) use OpenSSL, like wget, and anything secured using stunnel is vulnerable. My only worry is patching my mail servers, some of which talk to each other using TLS only and assume the connection is secure.