CERT mailing list archives
OpenSSL 3.0 Protocol Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 17 Oct 2014 16:52:21 -0500
NCCIC / US-CERT National Cyber Awareness System: OpenSSL 3.0 Protocol Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2014/10/17/OpenSSL-30-Protocol-Vulnerability ] 10/17/2014 02:40 PM EDT Original release date: October 17, 2014 US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction. US-CERT recommends users and administrators review TA14-290A [ https://www.us-cert.gov/ncas/alerts/TA14-290A ] for additional information and apply any necessary updates to address this vulnerability. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- OpenSSL 3.0 Protocol Vulnerability US-CERT (Oct 17)