OpenSSL Vulnerability related to Version 1.0.1p

Keywords: 
SSL, TLS, OpenSSL, Client Certificate Authentication
Description: 

OpenSSL released a security advisory on July 9, 2015, describing the vulnerability CVE-2015-1793 fixed in release 1.0.1p [1].

Airlock WAF is affected when client certificate authentication is enabled.

According to our analysis of the vulnerability, an attacker holding a valid client certificate may be able to issue other, invalid client certificates that can be used to bypass authorization checks.

Resolution: 

The Airlock team has published hotfixes to update OpenSSL to version 1.0.1p. The criticality of the hotfix is high.

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
No action required