DarkFiber Consulting – IT Managed Services

SSL and TLS Vulnerable to Man-in-the-middle Attacks

December 10th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, allowing an attacker to inject plaintext into the beginning of the application protocol stream.

DarkFiber Consulting encourages OpenSSL users and administrators to review the OpenSSL 0.9.8l release and apply any updates.

DarkFiber Consulting has not received any reports of active exploitation and will continue to provide additional information as it becomes available.