A major OpenSSL bug: using a certificate as a CA...

OpenSSL has published the security advisory "Alternative chains certificate forgery (CVE-2015-1793)":

An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.

A valid leaf certificate being used as a CA root... that means yet another pile of things to update @_@

This time, versions from 1.0.1n to 1.0.2b are affected.

starting from version 1.0.1n and 1.0.2b


One Response to A major OpenSSL bug: using a certificate as a CA...

  1. Kuon says:

    Similar problems have happened several times in the SSL family XDD
