web analytics
Home » Technology » Internet » OpenSSL Certificates Paralyze Servers and Clients

OpenSSL Certificates Paralyze Servers and Clients

chrome 56

The OpenSSL encryption software appears to have a dangerous vulnerability. Using crafted OpenSSL certificates, it is possible to attack servers and clients. The developers have already released new versions that fix the bug, a warning according to the OpenSSL developers, servers and clients can go into an infinite loop when loading certain TLS certificates. The bug is in the BN-mod-sqrt() function and allows hackers to perform a DOS attack. This requires the use of TLS certificates or private keys with elliptic curve parameters. It is unclear whether the bug is already being actively exploited in practice.

While DOS attacks can cause server failures, the vulnerability cannot do widespread damage. It is not a vulnerability that would allow malicious code to be run on third-party systems. However, servers can become paralyzed and financial damage can occur. The vulnerability is called CVE-2022-0788 and has a high threat level. The bug was originally discovered by Google security researcher Tavis Ormandy.

Administrators need to update their software

If you are using OpenSSL, you should update the installed software as soon as possible. In addition to version 1.1.1n, version 3.0.2 must also be secure. Premium Support customers can download the 1.0.2zd release. OpenSSL version 1.1.0 is also affected by the issue. However, the builds are no longer provided with updates. Since OpenSSL is used in many programs, many apps are likely to be at risk. The developers must therefore respond quickly and provide updates.