CERT mailing list archives
Current Activity - SSL and TLS Vulnerable to Man-in-the-middle Attacks
From: Current Activity <us-cert () us-cert gov>
Date: Fri, 6 Nov 2009 19:07:41 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity SSL and TLS Vulnerable to Man-in-the-middle Attacks Original release date: November 6, 2009 at 7:01 pm Last revised: November 6, 2009 at 7:01 pm US-CERT is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, allowing an attacker to inject plaintext into the beginning of the application protocol stream. US-CERT encourages OpenSSL users and administrators to review the OpenSSL 0.9.81 release and apply any updates. US-CERT has not received any reports of active exploitation and will continue to provide additional information as it becomes available. Relevant Url(s): <http://www.openssl.org/source/> ==== This entry is available at http://www.us-cert.gov/current/index.html#ssl_and_tls_vulnerable_to -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSvS6ONucaIvSvh1ZAQIo8ggAktWkfcagWHOdjAyt/h7Ze4wTD3n1YVWR CjBoQecQWSj90rz+Xw6S/KEwLvQ3MN3bSkmK8tz1qOR1G9hYDkEg5E8Xoi67cwjQ Zl8o84HDQ9BKK4MXWutmpKJJfilYnn5kGZuMokRN+VZ5xfYXIXZklXpGUxn9QcDv 0cjJLg0tsHZ7tWiHZZl7RFG+rLO0t4ruZl8aGVMRRtAk6h4zix8Ni3AQJgEexvwg SOsGLSv0r8A/JByNiQQYBsvVhLD15wVhMqPX8T0degBqHnj6N0A3g9bW5EDDTAC4 QsvR708XSbskmy8oe/xp/7k4ZG505C8ZM25USFky71gYEyK/yUF1Jw== =syHi -----END PGP SIGNATURE-----
Current thread:
- Current Activity - SSL and TLS Vulnerable to Man-in-the-middle Attacks Current Activity (Nov 06)