Help Net Security – (International) Fuzz-o-Matic finds critical flaw in OpenSSL. Codenomicon helped identify a critical flaw in widely used encryption software. A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2, and DTLS can be exploited in a denial-of-service attack on both client and server software. The flaw was found with Fuzz-o-Matic, a cloud-based testing platform. The TLS security protocol is the current Internet standard for encrypting and authenticating application traffic. TLS is used by millions of people every day in online banking, ecommerce, e-mail, and Voice-over-IP applications. The OpenSSL is an open-source implementation of TLS and is employed in standard operating systems, Web browsers, e-mail clients, and network devices ranging from WiFi access points and DSL modems to industrial-strength core routers.
Ali Loney, on May 14, 2012