
A Bug Found in OpenSSL

By Bryan on March 5, 2010 | Vulnerabilities, OpenSSL, severe vulnerability, open-source

Computer researchers found a “severe vulnerability” in OpenSSL, a software encryption package, that allows them to rebuild a machine's confidential cryptographic key. The flaw is important because the open-source package is used to protect sensitive data all over the world.

Independent security researcher Karsten Nohl commented: “Wherever you need to verify the origin of a piece of software or a piece of information, those building blocks come in handy.”

There is good news. According to scientists from the University of Michigan, the bug is easily fixed by applying a cryptographic sequence to an underlying error-checking algorithm. These random sequences will make the attack impossible.

An OpenSSL official commented that engineers are in the process of patching the flaw. Scientists are also experimenting with the possibility of exploiting the bug using lasers or natural radiation sources.

More Vulnerabilities news

Denial-of-service flaw is fixed by Oracle

Recently, Oracle released a patch that fixed a denial-of-service vulnerability in the Oracle WebLogic Server, Application Server and iPlanet Web Server. In a security bulletin, Oracle warned that "vulnerability may be remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password." Oracle pointed out that a fix for the same vulnerability in the GlassFish Server was released last month.

