SSLv2 – The “Drown” Attack

Just recently there has been a lot of news regarding a vulnerability with SSLv2 (SSL2.0) and what has been named the Drown Attack. You will see articles saying “Drown Attack affects over 1/3 of the world's websites,” “No one is secure on the internet anymore,” “More than a Million sites affected!” etc. […]

OpenSSL patch released that fixes High-severity Diffie Hellman bug

OpenSSL has fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS based on the ephemeral keys, DSA-based Diffie-Hellman (DH) key exchange. The OpenSSL Diffie-Hellman issue was assigned CVE-2016-0701 with a severity of High. This vulnerability could allow an attacker to force the […]

SHA 1 Critical Vulnerability Notice

On October 8, 2015, a team of international cryptography researchers warned of a significantly increased risk in using SHA-1 certificates, and recommended that administrators accelerate their migration to SHA-2 certificates. The risk is that, with enough computing power, an attacker can craft a fake certificate that in all key respects appears to […]

How to fix Alternative chains certificate forgery (CVE-2015-1793)

How to fix Alternative chains certificate forgery (CVE-2015-1793): Critical OpenSSL vulnerability could allow attackers to intercept secure communications. What is it: An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them […]

OpenSSL: Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793)

Critical OpenSSL vulnerability could allow attackers to intercept secure communications with the new Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793). A critical new vulnerability in OpenSSL could allow attackers to intercept secure communications by tricking a targeted computer into accepting a bogus digital certificate as valid. This could facilitate man-in-the-middle (MITM) attacks, where […]

The FREAK Vulnerability.

The FREAK Vulnerability, What is happening? A new SSL/TLS vulnerability named “FREAK” was identified by several security researchers. This threat allows an attacker to get between a client and server and view what is intended to be a secure and private communication. The vulnerability is primarily due to a bug in OpenSSL […]
