New version of OpenSSL fixes two vulnerabilities


Version 1.0.0c of the free OpenSSL SSL implementation fixes two vulnerabilities. A flaw in an older workaround for Netscape browsers and servers can be remotely exploited to make an OpenSSL server downgrade the ciphersuite to a weaker one for subsequent connections. This can potentially simplify the cracking of encrypted connections. The update simply disables the workaround.

Another flaw in the implementation of the "Password Authenticated Key Exchange by Juggling" protocol (J-PAKE) allows intruders to authenticate themselves without a secret key. While this flaw has been fixed in the current version, the developers point out that their implementation is still experimental and not compiled by default.

http://www.h-online.com/security/news/item/New-version-of-OpenSSL-fixes-two-vulnerabilities-1150044.html
