
OpenSSL Alternative Certificate Chain Validation Vulnerability

Last Update Date: 10 Jul 2015 10:42 | Release Date: 10 Jul 2015

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability was identified in OpenSSL. A remote attacker can bypass certificate chain validation on the target system.

OpenSSL 1.0.1n and 1.0.2b introduced alternative chain building: when the first attempt to build a chain from the presented certificates to a trusted root fails, the verifier retries with an alternative chain. Because of an error in this retry logic, certain checks on the untrusted certificates in the alternative chain are skipped, including the basicConstraints CA flag. As a result, a remote attacker who holds any valid leaf certificate can use it as though it were a CA certificate to issue a further certificate, and the target will accept that forged certificate as valid, for example to impersonate a TLS server or client.


Impact

  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • OpenSSL 1.0.1n, 1.0.1o, 1.0.2b and 1.0.2c

Solutions

Before installing the update, visit the software vendor's website for more details.

  • Update to OpenSSL 1.0.1p (for 1.0.1 users) or 1.0.2d (for 1.0.2 users)
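
The script below is an added example, not part of this advisory or of the OpenSSL project's own code. It performs two checks a practitioner would run after reading the advisory: a version test against the releases listed above, and a throw-away PKI that asks the installed `openssl verify` whether a certificate signed by a CA:FALSE end-entity certificate validates, which is the CA-flag check the advisory says is skipped for untrusted certificates. The certificate names, the temporary config file and the function names are constructed for this example. A plain two-level chain is resolved on the first chain-building attempt and never reaches the alternative-chain code, so the second check does not reproduce the bug on a vulnerable build; it verifies the property that must hold, while the version check and the vendor's patch level decide whether a system is affected.

```shell
#!/bin/sh
# Added example (not from the advisory or the OpenSSL project).
#  1. openssl_version_affected: is the reported version one of the releases
#     the advisory lists (1.0.1n, 1.0.1o, 1.0.2b, 1.0.2c)?
#  2. leaf_can_issue: does `openssl verify` accept a certificate signed by a
#     CA:FALSE end-entity certificate?  On any correct build the answer is no.
# Note: this two-level chain does not reach the alternative-chain code path.
set -eu

# Return 0 if the version string names one of the affected releases.
# Usage: openssl_version_affected "$(openssl version)"
# A non-listed string is not proof of safety: distributions backport fixes
# without changing the upstream version number.
openssl_version_affected() {
    set -- $1                     # "OpenSSL 1.0.2c 12 Jun 2015" -> $2 = 1.0.2c
    case "$2" in
        1.0.1n|1.0.1o|1.0.2b|1.0.2c) return 0 ;;
        *) return 1 ;;
    esac
}

# Build a throw-away PKI in directory $1: a root CA, an end-entity "leaf"
# certificate issued by the root, and a "rogue" certificate signed with the
# leaf's key.  The leaf carries basicConstraints CA:FALSE, so nothing it
# signs may ever validate.  All names here are constructed for the example.
make_chain() {
    d=$1
    cat > "$d/ext.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ leaf_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test Root" -config "$d/ext.cnf" -extensions ca_ext \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -config "$d/ext.cnf" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 2 -days 30 -extfile "$d/ext.cnf" -extensions leaf_ext \
        -out "$d/leaf.pem" 2>/dev/null
    # `openssl x509 -req` does not check whether its -CA is really a CA,
    # so signing with the leaf's key succeeds; only verification must refuse it.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=victim.example.test" \
        -config "$d/ext.cnf" -keyout "$d/rogue.key" -out "$d/rogue.csr" 2>/dev/null
    openssl x509 -req -in "$d/rogue.csr" -CA "$d/leaf.pem" -CAkey "$d/leaf.key" \
        -set_serial 3 -days 30 -extfile "$d/ext.cnf" -extensions leaf_ext \
        -out "$d/rogue.pem" 2>/dev/null
}

# Sanity check: the genuine leaf must validate against the root.
leaf_verifies() {
    openssl verify -CAfile "$1/ca.pem" "$1/leaf.pem" 2>&1 | grep -q 'leaf.pem: OK'
}

# Return 0 only if the rogue certificate validates, i.e. the CA flag on the
# leaf was not enforced.  The leaf is passed as an untrusted intermediate,
# just as a TLS peer would send it in its certificate message.
leaf_can_issue() {
    openssl verify -CAfile "$1/ca.pem" -untrusted "$1/leaf.pem" "$1/rogue.pem" 2>&1 \
        | grep -q 'rogue.pem: OK'
}

main() {
    ver=$(openssl version)
    if openssl_version_affected "$ver"; then
        echo "version check: '$ver' is in the advisory's affected list; update to 1.0.1p or 1.0.2d"
    else
        echo "version check: '$ver' is not in the affected list (check vendor patch level too)"
    fi
    workdir=$(mktemp -d)
    make_chain "$workdir"
    leaf_verifies "$workdir" || { echo "setup failed: genuine leaf did not verify"; exit 2; }
    if leaf_can_issue "$workdir"; then
        echo "CA-flag check: FAILED, a CA:FALSE leaf was accepted as an issuer"
    else
        echo "CA-flag check: OK, certificate issued by a CA:FALSE leaf was rejected"
    fi
    rm -rf "$workdir"
}

main "$@"
```

Run it with `sh check_altchain.sh` on the host whose OpenSSL is in question. The verify check relies on the `<file>: OK` line that `openssl verify` prints on success, and the version check only knows the four upstream releases named in this advisory, so a distribution build that backports the fix without bumping the version string must be judged by the vendor's patch level, as the Solutions section advises.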

Vulnerability Identifier


Source


Related Link