A new way to exploit OpenSSL has been discovered. This might not seem like much of a problem on the surface but, the OpenSSL library is used by a number of SSL VPNs and various webservers.
The vulnerability affects a specific set of cryptographic X.509 keys known as PKCS #1 v1, and could allow an attacker to have a non-legitimate and forged certificate accepted as real, compromising and unpatched system.
Versions of the software from 0.9.7j to 0.9.8b are said to be at risk, and the open source project has recommended that anyone using the software should update it immediately.
Here is a link for the OpenSSL security advisory.
[tags]OpenSSL Vulnerability, SSL VPN, X.509, Crypto[/tags]
ok