RealTime IT News

OpenSSL Patches MITM Flaws

The Internet Storm Center (ISC SANS) ranks two of the newly patched flaws as critical. One, identified as CVE-2014-0224, is an SSL man-in-the-middle (MITM) vulnerability that could have a widespread, critical impact. In an MITM attack, the attacker is able to intercept encrypted messages sent between secured endpoints and decrypt them.

"An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS [Secure Sockets Layer/Transport Layer Security] clients and servers," OpenSSL warns in its advisory. "This can be exploited by a man-in-the-middle attack where the attacker can decrypt and modify traffic from the attacked client and server."

The OpenSSL Project cautions that all client versions of OpenSSL are vulnerable to CVE-2014-0224. The OpenSSL advisory notes that CVE-2014-0224 was reported to the OpenSSL Project on May 1.

Read the full story at eWEEK:
OpenSSL Finds and Fixes 7 New Security Flaws

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.