Following earlier warnings, a patch for a critical vulnerability discovered in current versions of OpenSSL, which affects almost every organisation, will be released today, so patch as soon as it's available, experts say!
If you are unaware, OpenSSL is a software library widely used by companies to enable secure network connections, and it is available for Linux, Windows, macOS, and BSD systems. OpenSSL lets users perform various SSL-related tasks, including generating Certificate Signing Requests (CSRs) and private keys, and installing SSL certificates.
The OpenSSL Project defines a critical vulnerability as one affecting:
‘common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations’
Remember, if you’re using HTTPS, chances are you’re using OpenSSL and need to patch this vulnerability.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.