Changes between Version 5 and Version 6 of CCSInjection


Timestamp: 06/05/14 18:58:08 (10 years ago)
Author: Samuli Seppänen
Comment: --

  • CCSInjection

    v5 v6  
    44== What does the CCS Injection Vulnerability mean? ==
    55In short: if both the client and the server are running a vulnerable version of OpenSSL, an active attacker with a man-in-the-middle position can trick OpenSSL to use keys known to the attacker. This means the attacker can read and even manipulate everything on the TLS connection. In the OpenVPN case, that includes the traffic protection keys for your VPN data, and thus your VPN data. For more information, visit the CCS Injection Vulnerability page at http://ccsinjection.lepidum.co.jp/ or check the CVE at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224.
     6
     7Use of [wiki:Hardening#Useof--tls-auth TLS auth] prevents this vulnerability from being exploited.
    68
    79== What should I do? ==
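
Review bot: the sentence added at v6 line 7 asserts that TLS auth "prevents this vulnerability from being exploited" without saying why or under what condition, and it is mitigation advice placed under "What does the CCS Injection Vulnerability mean?" rather than under "What should I do?". Consider moving it to the latter section and adding one clause on the mechanism and its limit, for example whether the statement still holds against an attacker who holds the tls-auth key, so readers do not take it as a reason to skip upgrading OpenSSL.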