New OpenSSL Vulnerability


    • #8825

      Critical OpenSSL allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate

      The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains.

      An attacker able to supply a certificate chain to an SSL/TLS or DTLS client or an SSL/TLS or DTLS server using client authentication could use this vulnerability (CVE-2015-1793) to bypass certain checks in the verification process, possibly allowing them to use one of the certificates in the supplied certificate chain as a CA certificate to generate an invalid certificate.
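The Basic Constraints check described in the post above, as a simplified model added here for illustration; it is not part of the original post and is not OpenSSL's code. The `Cert` class, the function names and the sample certificate names are constructed for the example, and the same check has to run on every chain a verifier considers, including an alternative chain tried after a first attempt fails.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    """Simplified certificate model (hypothetical): only the fields this check needs."""
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint, if present


def issuer_violations(chain: List[Cert]) -> List[str]:
    """chain[0] is the end-entity; each later cert issued the one before it.
    Returns the list of violations; an empty list means the constraints hold."""
    problems = []
    for i in range(1, len(chain)):
        child, issuer = chain[i - 1], chain[i]
        if child.issuer != issuer.subject:
            problems.append(f"{child.subject}: issuer name does not match {issuer.subject}")
        # The check at the heart of CVE-2015-1793: anything acting as an
        # issuer must carry cA=TRUE, however the chain was assembled.
        if not issuer.is_ca:
            problems.append(f"{issuer.subject}: used as issuer but cA is not TRUE")
        # pathLenConstraint caps the intermediates between this CA and the end-entity.
        intermediates_below = i - 1
        if issuer.path_len is not None and intermediates_below > issuer.path_len:
            problems.append(f"{issuer.subject}: pathLenConstraint {issuer.path_len} exceeded")
    return problems


def chain_is_acceptable(chain: List[Cert]) -> bool:
    return not issuer_violations(chain)


# Constructed sample data, not real certificates.
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
ISSUING = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
LEAF = Cert("leaf.example", "Example Issuing CA")      # valid leaf, cA not set
SIGNED_BY_LEAF = Cert("other.example", "leaf.example")  # issued by the leaf

GOOD_CHAIN = [LEAF, ISSUING, ROOT]
BAD_CHAIN = [SIGNED_BY_LEAF, LEAF, ISSUING, ROOT]

if __name__ == "__main__":
    print("good chain:", issuer_violations(GOOD_CHAIN))
    for line in issuer_violations(BAD_CHAIN):
        print("bad chain:", line)
```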


    • #182753

      I should express that I like this article a ton and, moreover, use it regularly. I believe you would continue sharing better than average articles here.

    • #184961

      Thank you for the information provided.


Copyright ©2022 Caendra, Inc.
