Critical OpenSSL vulnerability could allow attackers to intercept secure communications with the new Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793)

A critical new vulnerability in OpenSSL could allow attackers to intercept secure communications by tricking a targeted computer into accepting a bogus digital certificate as valid. This could facilitate man-in-the-middle (MITM) attacks, where attackers could listen in on connections with secure services such as banks or email services.

OpenSSL is one of the most widely used implementations of the SSL and TLS cryptographic protocols. Open-source software, it is used widely on internet-facing devices, including two thirds of all web servers.

The new Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793) was patched today in a security update issued by the OpenSSL project (https://www.openssl.org/news/secadv_20150709.txt) . The vulnerability relates to OpenSSL’s certificate verification process. SSL certificates are issued in chains, moving from the root certificate authority (CA) through a number of intermediate CAs down to the end user certificate, known as the leaf certificate. If a connecting device cannot establish if a certificate has been issued by a trusted CA, it will move another step up the chain until it finds a trusted CA. If it doesn’t, it will return an error message and a secure connection will be denied.

For more information please read the blog post at : http://www.symantec.com/connect/blogs/critical-openssl-vulnerability-could-allow-attackers-intercept-secure-communications

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a Symantec Website Security Solutions Authorized Distributor and a Platinum Partner. Acmetek offers all 4 Brands of SSL Certificates, Symantec, Thawte, GeoTrust and RapidSSL.Offering Norton Shopping Guarantee that inspires trust and increases online sales with a 20x ROI Guarantee.

Contact an SSL Specialist to buy your SSL Certificates from Acmetek, a Symantec Strategic/Platinum Distributor.

Become a Partner and create additional revenue stream while the heavy lifting for you.

LoadingAdd to favorites

About The Author