Vulnerability: OpenSSL Information leak in encrypted connections

Debian advises a vulnerability exists in OpenSSL, a Secure Socket Layer implementation. In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC cipher suites used in SSL and TLS. OpenSSL has been found to vulnerable to this attack.

More information is available here.

Join the newsletter!

Error: Please check your email address.

More about Debian

Show Comments