OpenSSL Certificate Fingerprint Local Security Restriction Bypass Vulnerability
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL <0.9.8zd
OpenSSL Project OpenSSL 1.0.1-1.0.1k
OpenSSL Project OpenSSL 1.0.0-1.0.0p
Description:
Bugtraq id: 71935
CVE (CAN) ID: CVE-2014-8275
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
OpenSSL versions earlier than 0.9.8zd, 1.0.0-1.0.0p, and 1.0.1-1.0.1k place no restrictions on certain certificate data. A remote attacker can include crafted data in the unsigned portion of a certificate, which changes the certificate's fingerprint and allows fingerprint-based certificate blacklist protection to be bypassed.
<* Source: Antti Karjalainen
Tuomo Untinen.
*>
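An added example, not from the advisory or from OpenSSL: a blacklist key computed only over the signed tbsCertificate stays the same when bytes in the unsigned part change, while a whole-certificate fingerprint does not. The two sample blobs are constructed toy DER structures, not real certificates, and all function names are hypothetical.

```python
import hashlib

def read_tlv(buf, off=0):
    """Return (tag, value_start, value_end) of the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first                      # short-form length
    else:
        n = first & 0x7F                    # long form: n length bytes follow
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, off, off + length

def tbs_bytes(cert_der):
    """Return the full TLV of tbsCertificate, the part the signature covers."""
    tag, start, end = read_tlv(cert_der)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    inner_tag, _, tbs_end = read_tlv(cert_der, start)
    if inner_tag != 0x30:
        raise ValueError("tbsCertificate missing")
    return cert_der[start:tbs_end]

def full_fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()

def tbs_fingerprint(cert_der):
    return hashlib.sha256(tbs_bytes(cert_der)).hexdigest()

def is_blocked(cert_der, blocklist, fp=tbs_fingerprint):
    # blocklist is a set of hex digests produced by the same fp function
    return fp(cert_der) in blocklist

def tlv(tag, value):
    assert len(value) < 0x80                # sample builder: short lengths only
    return bytes([tag, len(value)]) + value

# Constructed samples: same signed part, different bytes in the unsigned part.
TBS = tlv(0x30, b"constructed-tbs")
CERT_A = tlv(0x30, TBS + tlv(0x30, b"unsigned-A") + tlv(0x03, b"\x00sig"))
CERT_B = tlv(0x30, TBS + tlv(0x30, b"unsigned-B") + tlv(0x03, b"\x00sig"))
```

A blacklist built with `full_fingerprint` on `CERT_A` misses `CERT_B`; one built with `tbs_fingerprint` catches both.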
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://www.openssl.org/news/secadv_20150108.txt