Home » Security » New OpenSSL Man-in-the-Middle Flaw Affects All Clients and Some Servers

openssl

There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software.

The new vulnerability could only be exploited to decrypt traffic between a vulnerable client and a vulnerable server, and the attacker would need to have a man-in-the-middle position on a network in order to do so. That’s not an insignificant set of conditions that must be present for a successful attack, but in the current environment, where open wireless networks are everywhere and many users connect to them without a second thought, gaining a MITM position is not an insurmountable hurdle. Researchers who have looked at the vulnerable piece of code say that it appears to have existed, nearly unchanged, in the OpenSSL source since 1998.

OpenSSL released the Security Advisory (CVE-2014-0224) on their web site today a long with 7 other security bugs.

Comments

comments

Latest

twitter Who Would Buy Twitter?
Harman Kardon Invoke Harman Kardon Invoke Speaker Review
YouTube Red Is YouTube Red the New Podcast App?
skype Does Anyone Use Skype?
content 5 Content Writing Tools For Winning Tech Review

Tech Geek Today

Tech Geek Today

MonTueWedThuFriSatSun
   1234
567891011
12131415161718
19202122232425
262728    
       
1234567
891011121314
22232425262728
293031    
       
    123
45678910
11121314151617
18192021222324
25262728293031
       
  12345
6789101112
20212223242526
27282930   
       
      1
9101112131415
16171819202122
23242526272829
3031     
    123
45678910
11121314151617
252627282930 
       
 123456
78910111213
14151617181920
21222324252627
28293031   
       

Subscribe To The Technology Geek

Archives