CERT mailing list archives

OpenSSL 3.0 Protocol Vulnerability


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 17 Oct 2014 16:52:21 -0500

NCCIC / US-CERT

National Cyber Awareness System:

OpenSSL 3.0 Protocol Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2014/10/17/OpenSSL-30-Protocol-Vulnerability ]
10/17/2014 02:40 PM EDT
Original release date: October 17, 2014

US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of 
this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction.

US-CERT recommends users and administrators review TA14-290A [ https://www.us-cert.gov/ncas/alerts/TA14-290A ] for 
additional information and apply any necessary updates to address this vulnerability.
