I am also quite curious. Also, how long has this exploit been around, and could hackers have exploited this already?
2014-06-05 22:46 GMT+02:00 Jeffrey Walton <[email protected]>: > CVE-2014-0224 looks like an interesting issue > (https://www.openssl.org/news/secadv_20140605.txt): > > An attacker using a carefully crafted handshake > can force the use of weak keying material in > OpenSSL SSL/TLS clients and servers. This can > be exploited by a Man-in-the-middle (MITM) > attack where the attacker can decrypt and > modify traffic from the attacked client and server. > > Can anyone explain the vulnerability? > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] >
