
has it become a trend? - SSL/TLS MITM vulnerability


Virneto
SSL/TLS MITM vulnerability (CVE-2014-0224)

===========================================

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

(...)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za

OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.

OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

more:

https://www.openssl.org/news/secadv_20140605.txt


"What restless desire tortures you, elemental beings, obscure force? Around what idea do you gravitate?" >> Anthero de Quental

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Linuxando.com | ...
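
An added example, not part of the original post or of the OpenSSL advisory: a check of an `openssl version` string against the three fixed releases listed in the post (0.9.8za, 1.0.0m, 1.0.1h), including the letter ordering where `za` comes after `z`. The function names and sample inputs are constructed for illustration; branches the post does not list are reported as `unknown`.

```python
import re

# Fixed release per branch, taken from the advisory text quoted in the post.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Old-style OpenSSL version: x.y.z, optional patch letters, optional "-tag"
# (for example "1.0.1e-fips" or "1.0.1-beta1").
_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(?:-([a-z]+)\d*)?")
_PRERELEASE = {"beta", "pre", "dev"}


def patch_rank(letters):
    """Sort key for patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letters), letters)


def classify(version_text):
    """Return 'needs-upgrade', 'fixed' or 'unknown' for a version string
    or a line of `openssl version` output."""
    match = _VERSION.search(version_text)
    if not match:
        return "unknown"
    branch, letters, tag = match.groups()
    if branch not in FIXED or tag in _PRERELEASE:
        return "unknown"  # branch or build type not covered by the post
    if patch_rank(letters) >= patch_rank(FIXED[branch]):
        return "fixed"
    return "needs-upgrade"


if __name__ == "__main__":
    # Constructed sample inputs, shaped like `openssl version` output.
    for line in ("OpenSSL 1.0.1g 7 Apr 2014", "OpenSSL 0.9.8za 5 Jun 2014",
                 "OpenSSL 1.0.1e-fips 11 Feb 2013", "OpenSSL 1.0.2a"):
        print(f"{line!r}: {classify(line)}")
```

Distribution packages often backport fixes without changing the upstream version letter, so a `needs-upgrade` result on a distro build is a prompt to check the package changelog rather than proof of exposure.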
