OpenSSL Vulnerability related to Version 1.0.1p

SSL, TLS, OpenSSL, Client Certificate Authentication

OpenSSL released a security advisory on July 9, 2015, describing the vulnerability CVE-2015-1793 fixed in release 1.0.1p [1].

Airlock WAF is affected when client certificate authentication is enabled.

According to our analysis of the vulnerability, an attacker holding a valid client certificate may be able to issue other, invalid client certificates that can be used to bypass authorization checks.


The Airlock team has published hotfixes to update OpenSSL to version 1.0.1p. The criticality of the hotfix is high.

Airlock Vulnerability Status: Airlock vulnerable, see resolution

Back-end Vulnerability Status: No action required