I am also quite curious. Also, how long has this exploit been around, and could hackers have exploited this already?
2014-06-05 22:46 GMT+02:00 Jeffrey Walton <noloa...@gmail.com>: > CVE-2014-0224 looks like an interesting issue > (https://www.openssl.org/news/secadv_20140605.txt): > > An attacker using a carefully crafted handshake > can force the use of weak keying material in > OpenSSL SSL/TLS clients and servers. This can > be exploited by a Man-in-the-middle (MITM) > attack where the attacker can decrypt and > modify traffic from the attacked client and server. > > Can anyone explain the vulnerability? > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
