Critical OpenSSL vulnerability could allow attackers to intercept secure communications with the new Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793)

A critical new vulnerability in OpenSSL could allow attackers to intercept secure communications by tricking a targeted computer into accepting a bogus digital certificate as valid. This could facilitate man-in-the-middle (MITM) attacks, where attackers could listen in on connections with secure services such as banks or email services.

OpenSSL is one of the most widely used implementations of the SSL and TLS cryptographic protocols. Open-source software, it is used widely on internet-facing devices, including two thirds of all web servers.

The new Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793) was patched today in a security update issued by the OpenSSL project (https://www.openssl.org/news/secadv_20150709.txt) . The vulnerability relates to OpenSSL’s certificate verification process. SSL certificates are issued in chains, moving from the root certificate authority (CA) through a number of intermediate CAs down to the end user certificate, known as the leaf certificate. If a connecting device cannot establish if a certificate has been issued by a trusted CA, it will move another step up the chain until it finds a trusted CA. If it doesn’t, it will return an error message and a secure connection will be denied.

For more information please read the blog post at : http://www.symantec.com/connect/blogs/critical-openssl-vulnerability-could-allow-attackers-intercept-secure-communications

LoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.

About The Author