Home » Security » New OpenSSL Man-in-the-Middle Flaw Affects All Clients and Some Servers

openssl

There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software.

The new vulnerability could only be exploited to decrypt traffic between a vulnerable client and a vulnerable server, and the attacker would need to have a man-in-the-middle position on a network in order to do so. That’s not an insignificant set of conditions that must be present for a successful attack, but in the current environment, where open wireless networks are everywhere and many users connect to them without a second thought, gaining a MITM position is not an insurmountable hurdle. Researchers who have looked at the vulnerable piece of code say that it appears to have existed, nearly unchanged, in the OpenSSL source since 1998.

OpenSSL released the Security Advisory (CVE-2014-0224) on their web site today a long with 7 other security bugs.

Comments

comments

Latest

Focus On the Responsive Mobile Website
Mobile Website or Mobile App
Technology is bringing about a drastic change to the hiring industry
Five Ways To Use Your iPad For Business
Outlook Mail App Review

Sponsors

Follow Us

Visit Us On TwitterVisit Us On FacebookVisit Us On GooglePlusVisit Us On PinterestVisit Us On YoutubeCheck Our Feed

Subscribe To The Technology Geek

Join Premium

Enjoy All The Benefits Of Premium

  • Access To Premium Content Only Available To Members
  • Digital Copy Of My Book The Pangram Killer
  • Coupons for quality sites affiliated with us
  • Access To All Short Stories
  • Free Plug On Podcast
  • Get first notice and exclusive access to events and meetups
$19.99

Sponsors

Archives