OpenSSL: Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793)

A critical OpenSSL vulnerability, the Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793), could allow attackers to intercept secure communications.

A critical new vulnerability in OpenSSL could allow attackers to intercept secure communications by tricking a targeted computer into accepting a bogus digital certificate as valid. This could facilitate man-in-the-middle (MITM) attacks, where attackers could listen in on connections with secure services such as banks or email services.

OpenSSL is one of the most widely used implementations of the SSL and TLS cryptographic protocols. It is open-source software and is widely used on internet-facing devices, including two thirds of all web servers.

The new Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793) was patched today in a security update issued by the OpenSSL project (http://www.openssl.org/news/secadv_20150709.txt). The vulnerability relates to OpenSSL’s certificate verification process. SSL certificates are issued in chains, moving from the root certificate authority (CA) through a number of intermediate CAs down to the end user certificate, known as the leaf certificate. If a connecting device cannot establish whether a certificate has been issued by a trusted CA, it will move another step up the chain until it finds a trusted CA. If it does not find one, it will return an error message and a secure connection will be denied.
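The chain walk described above can be modelled in a few lines. This is an added example, not OpenSSL's code or part of the original post; it is a simplified model that checks only issuer names and a CA flag (no signatures or validity dates), and the `Cert` record, `build_chain` function and all certificate names are made up for illustration.

```python
# Simplified model of the leaf-to-root chain walk. Constructed data only:
# signatures, validity dates and name constraints are NOT checked here.
from dataclasses import dataclass

class ChainError(Exception):
    """Raised when no path to a trusted root can be built."""

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False

def build_chain(leaf, untrusted, trusted_roots, max_depth=8):
    """Walk leaf -> issuer -> ... until a trusted root is reached.

    untrusted: certificates supplied by the peer (intermediates).
    trusted_roots: the local trust store.
    Returns the subjects from leaf to root, or raises ChainError.
    """
    roots = {c.subject: c for c in trusted_roots}
    pool = {c.subject: c for c in untrusted}
    chain, current, seen = [leaf], leaf, {leaf.subject}
    while len(chain) <= max_depth:
        if current.issuer in roots:          # reached the local trust store
            chain.append(roots[current.issuer])
            return [c.subject for c in chain]
        issuer = pool.get(current.issuer)    # move one step up the chain
        if issuer is None:
            raise ChainError(f"no issuer found for {current.subject!r}")
        if issuer.subject in seen:
            raise ChainError("loop in supplied certificates")
        if not issuer.is_ca:
            # Assumption of this model: every issuer must carry the CA flag.
            raise ChainError(f"{issuer.subject!r} is not a CA")
        chain.append(issuer)
        seen.add(issuer.subject)
        current = issuer
    raise ChainError("chain too long")

# Constructed sample certificates (all names are made up).
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
INTER = Cert("Example Intermediate CA", "Example Root CA", is_ca=True)
LEAF = Cert("www.example.test", "Example Intermediate CA")
OTHER_LEAF = Cert("other.example.test", "Example Intermediate CA")
NOT_CA_ISSUED = Cert("bank.example.test", "other.example.test")
```

A certificate that chains to the trusted root returns the full path; a missing intermediate, an untrusted root, or an issuer without the CA flag each ends in a `ChainError`, which corresponds to the denied connection described above.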

For more information, please read the blog post at: http://www.symantec.com/connect/blogs/critical-openssl-vulnerability-could-allow-attackers-intercept-secure-communications
