New OpenSSL Vulnerability

    • #8825
      cyber.spirit
      Participant

      Critical OpenSSL vulnerability allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate

      The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains.

      An attacker able to supply a certificate chain to an SSL/TLS or DTLS client or an SSL/TLS or DTLS server using client authentication could use this vulnerability (CVE-2015-1793) to bypass certain checks in the verification process, possibly allowing them to use one of the certificates in the supplied certificate chain as a CA certificate to generate an invalid certificate.

      Reference: http://openssl.org/news/secadv_20150709.txt
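
The Basic Constraints rule the post describes, as an added example that is not part of the original post and not OpenSSL's code: a simplified Python model that rejects any chain in which a certificate without cA=TRUE is used as an issuer. The `Cert` type, the `chain_violations` function and all certificate names are constructed for illustration; signatures and validity periods are not modelled.

```python
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed model)."""
    subject: str
    issuer: str
    is_ca: bool  # value of the Basic Constraints cA flag


def chain_violations(chain: List[Cert], trust_anchors: Set[str]) -> List[str]:
    """Check a chain ordered leaf first, root last; return the problems found."""
    if not chain:
        return ["empty chain"]
    problems = []
    if chain[-1].subject not in trust_anchors:
        problems.append(f"{chain[-1].subject}: not a trust anchor")
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            problems.append(f"{child.subject}: issuer is not {parent.subject}")
        # The rule at issue in CVE-2015-1793: every certificate that acts
        # as an issuer in the chain must assert cA=TRUE, on every chain
        # the verifier considers, including an alternative one.
        if not parent.is_ca:
            problems.append(f"{parent.subject}: used as issuer but cA is not TRUE")
    return problems


# Constructed sample data.
ANCHORS = {"Example Root CA"}
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
INTERMEDIATE = Cert("Example Issuing CA", "Example Root CA", is_ca=True)
LEAF = Cert("www.example.test", "Example Issuing CA", is_ca=False)
# A certificate that names the valid leaf above as its issuer.
ISSUED_BY_LEAF = Cert("other.example.test", "www.example.test", is_ca=False)

GOOD_CHAIN = [LEAF, INTERMEDIATE, ROOT]
BAD_CHAIN = [ISSUED_BY_LEAF, LEAF, INTERMEDIATE, ROOT]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, chain_violations(chain, ANCHORS) or "ok")
```
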


Copyright ©2021 Caendra, Inc.
