Home » Security » New OpenSSL Man-in-the-Middle Flaw Affects All Clients and Some Servers

openssl

There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software.

The new vulnerability could only be exploited to decrypt traffic between a vulnerable client and a vulnerable server, and the attacker would need to have a man-in-the-middle position on a network in order to do so. That’s not an insignificant set of conditions that must be present for a successful attack, but in the current environment, where open wireless networks are everywhere and many users connect to them without a second thought, gaining a MITM position is not an insurmountable hurdle. Researchers who have looked at the vulnerable piece of code say that it appears to have existed, nearly unchanged, in the OpenSSL source since 1998.

OpenSSL released the Security Advisory (CVE-2014-0224) on their web site today a long with 7 other security bugs.

Comments

comments

Latest

data recovery Recover your data using EaseUS Data Recovery, Easily!
windows 10 Windows 10 and Office 365 Feature Release Schedule
filesharing Top 5 File Sharing Apps for 2017
cortana Cortana For The Business Desktop
wifi Little Known Tips About Boosting Your Home WiFi Signals

Follow Us

Visit Us On TwitterVisit Us On FacebookVisit Us On GooglePlusVisit Us On PinterestVisit Us On YoutubeCheck Our Feed

Join Premium

Enjoy All The Benefits Of Premium

  • Access To Premium Content Only Available To Members
  • Digital Copy Of My Book The Pangram Killer
  • Coupons for quality sites affiliated with us
  • Access To All Short Stories
  • Free Plug On Podcast
  • Get first notice and exclusive access to events and meetups
$19.99

Subscribe To The Technology Geek

Sponsors

Sponsors

Archives