LT   EN   RU  
Monday 26 October 2020 Straipsniai.lt - Independent and informative portal
Home
Phorum
Contacts
Login
Register   Login
News subscribe
Subscribe   Unsubscribe
Partners
www.slaptai.lt www.gamezone.lt
www.penki.lt www.hakeriai.lt
   
   
Advertising
Statistic
Visits since 2002 09 12 - 66992699
Pages in Straipsniai.lt: 40735
  
  Computers > Computer technologies > Security > SSL certificates
Lankomumo reitingas Print version Print version
SSL toolkit flaw poses risk

A vulnerability has been discovered in versions of software development toolkits from RSA Security, which could allow an attacker to bypass SSL client authentication.

In a security notice on the issue, RSA said the vulnerability meant that hackers "might potentially gain access to data intended only for authorised users". The company has a patch and it advises customers to apply this to affected software.

Due to a bug in the SSL (Secure Socket Layer) session cacheing feature implemented in RSA BSAFE SSL-J versions 3.x, unauthorised clients may be able to impersonate authorised clients, RSA confirms.

The problem does not affect clients nor does it impact the performance of servers which do not use client authentication. But the vulnerability is noteworthy because it affects commonly used-cryptographic protection techniques.

It's been discovered that (with use of the vulnerable software libraries) if an error occurs while the handshake is being performed, the session key is, under certain conditions, stored in the cache when it should be discarded.

Once cached, this session key can be used by an attacker to cause a server to skip the full client authentication scheme, and use a much shorter sign-on procedure.

The SSL protocol provides for caching of SSL sessions between subsequent connections by the same user; this speeds up connections and lower processing overhead in most cases. The flaw would not give a user root access to a server.

The issue affects RSA BSAFE SSL-J 3.0, 3.01 and 3.1 and Cisco Internet Content Distribution Network 2.0 (because of its use of the toolkit). Users of RSA BSAFE SSL-J 1.x and 2.x are unaffected, as are RSA customers using BSAFE SSL-J 3.1.1 or 4.0 beta 2 and higher. ®

            
Lankomumo reitingas

Diskusijos - Discusions

Print version - Print version

Atgal
Random tags:    Operating systems (19)    Software (11)    Dragons (13)    Science (163)    Skydiving (10)    Cats (14)    Yoga (4)    Egypt (43)    Law (11)    Business (25)    Tourism (46)    Mysticism 2 (3)    UFO (39)    Suckling (10)    Computers (355)    Krishnaism (10)    Sound systems (10)    Archaeology (12)    Mysticism (119)    Energetics (2)    Films (10)    Gymnastics (9)    Culture (57)    Animals (65)    Kisses (13)    Cinema (20)    Countries (43)    Sport2 (8)    Computer piracy (10)    Economics2 (2)    Sport (81)    SSL certificates (10)    Agriculture (17)    Music (10)    Beer (10)    People (56)    Viruses (10)    Horoscopes (4)    Pedagogics (10)    Hackers (59)    Procesors (2)    Badminton (3)    Buddhism (10)    V.Nabokov (54)    Photography (3)    Literature (24)    Religion (34)    Fantasy (10)    Travels (2)    The Rights of Man (14)
1. Introduction to SSL certificates
2. Internet Explorer, SSL and binary data
3. Where should I get my SSL Certificate?
4. What is SSL? And how can I use it?
5. MIDP Application Security 2: Understanding SSL and TLS
6. What is SSL (the "little padlock")?
7. What is SSL?
8. RSA Security and GeoTrust Announce Strategic Partnership to Offer Digital Certificate Solutions
9. How do I generate a Certificate Signing Request (CSR) for my web server?
1. MIDP Application Security 2: Understanding SSL and TLS
2. How do I generate a Certificate Signing Request (CSR) for my web server?
3. What is SSL?
4. Where should I get my SSL Certificate?
5. RSA Security and GeoTrust Announce Strategic Partnership to Offer Digital Certificate Solutions
6. Internet Explorer, SSL and binary data
7. Introduction to SSL certificates
8. What is SSL? And how can I use it?
9. What is SSL (the "little padlock")?
Map