Forbidden Web

Nov 06, 2009 SSL and TLS Vulnerable to Man-in-the-middle Attacks
US-CERT is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack and inject plaintext into the beginning of the application protocol stream.

US-CERT encourages OpenSSL users and administrators to review the OpenSSL 0.9.8l release and apply any updates.

US-CERT has not received any reports of active exploitation and will continue to provide additional information as it becomes available.
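
An added example, not part of the US-CERT notice or of OpenSSL's own tooling: an inventory check that flags hosts whose `openssl version` banner predates the release named above, written 0.9.8l in OpenSSL's letter-suffix numbering. Host names, banners and function names are constructed for illustration; a flagged host means "review", because distribution packages can backport fixes without changing the upstream version string.

```python
import re

# Release named in the advisory. OpenSSL of that era marked patch releases
# with a letter suffix (0.9.8k -> 0.9.8l), so the suffix must be compared too.
ADVISORY_RELEASE = "OpenSSL 0.9.8l"
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z])")

def parse_openssl_version(banner):
    """Return a sortable key for an `openssl version` banner, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, fix, letters = m.groups()
    # Suffixes order as "" < a < ... < z < za < zb: length first, then letters.
    return (int(major), int(minor), int(fix), len(letters), letters)

def needs_review(banner):
    """True if older than the advisory release, False if not, None if unparsed."""
    key = parse_openssl_version(banner)
    if key is None:
        return None
    return key < parse_openssl_version(ADVISORY_RELEASE)

def audit(inventory):
    """Split 'host<TAB>banner' lines into hosts to review and hosts unparsed."""
    review, unknown = [], []
    for line in inventory.strip().splitlines():
        host, _, banner = line.partition("\t")
        verdict = needs_review(banner)
        if verdict is None:
            unknown.append(host)
        elif verdict:
            review.append(host)
    return review, unknown

# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = """\
web01\tOpenSSL 0.9.8k 25 Mar 2009
web02\tOpenSSL 0.9.8l 5 Nov 2009
mail01\tOpenSSL 0.9.7m 23 Feb 2007
vpn01\tOpenSSL 0.9.8zh 3 Dec 2015
app01\tOpenSSL 1.0.1e-fips 11 Feb 2013
old01\tLibreSSL 2.8.3
"""

if __name__ == "__main__":
    print("review: %s, unparsed: %s" % audit(SAMPLE_INVENTORY))
```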