Resources Blog Fuzz-o-Matic Finds Critical Flaw In OpenSSL

Fuzz-o-Matic Finds Critical Flaw In OpenSSL

Help Net Security – (International) Fuzz-o-Matic finds critical flaw in OpenSSL. Codenomicon helped identify a critical flaw in widely used encryption software. A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2, and DTLS can be exploited in a denial-of-service attack on both client and server software. The flaw was found with Fuzz-o-Matic, a cloud-based testing platform. The TLS security protocol is the current Internet standard for encrypting and authenticating application traffic. TLS is used by millions of people every day in online banking, ecommerce, e-mail, and Voice-over-IP applications. The OpenSSL is an open-source implementation of TLS and is employed in standard operating systems, Web browsers, e-mail clients, and network devices ranging from WiFi access points and DSL modems to industrial-strength core routers.


Picture of Ali Loney

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.