Story 2014-06-05

OpenSSL CCS Injection Vulnerability

A researcher reviewing the OpenSSL library has found another bug in the implementation.
This [vulnerability] can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server.
Pretty much all versions of OpenSSL from the last few years are affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
https://www.openssl.org/news/secadv_20140605.txt