Security Breach Notification
We would like to make you aware of a recently discovered software vulnerability that may impact your users and systems.
The following security notification was announced on 9th July by the OpenSSL team. The flaw, which was discovered by Adam Langley and David Benjamin of Google, affects multiple versions of OpenSSL.
A new major security flaw was discovered in OpenSSL that allows malicious users to impersonate secure connections over Transport Layer Security (TLS) or Secure Sockets Layer (SSL) and intercept encrypted information transmitted between servers and users. The flaw lets attackers bypass checks against Certificate Authorities (CA), so a fake certificate can masquerade as a legitimate one, enabling man-in-the-middle (MitM) attacks.
Upgrade your OpenSSL software accordingly:
• 1.0.2b and 1.0.2c: upgrade to 1.0.2d
• 1.0.1n and 1.0.1o: upgrade to 1.0.1p
Many users will be unaffected by this flaw, as common browsers (Internet Explorer, Firefox and Safari) run their own crypto libraries, while Google’s Chrome runs BoringSSL. However, OpenSSL is also used in desktop and mobile apps as well as Internet of Things (IoT) devices, which increases the necessity to patch the flaw.
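Because apps and devices often ship their own copy of OpenSSL, checking the system package alone can miss affected builds. The script below is an added example, not part of the original notice or of OpenSSL: it sweeps a directory for the version banner that OpenSSL libraries and statically linked programs embed, and reports the upgrade listed above. The banner format and the sample byte strings are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Affected releases and the version that fixes each, as listed in this notice.
FIXED_BY = {"1.0.2b": "1.0.2d", "1.0.2c": "1.0.2d",
            "1.0.1n": "1.0.1p", "1.0.1o": "1.0.1p"}

# Assumed banner shape, e.g. b"OpenSSL 1.0.2c 12 Jun 2015"; capture the version only.
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]{0,2})(?![0-9a-z.])")

def versions_in(data: bytes) -> set:
    """Return every OpenSSL version banner found in a blob of bytes."""
    return {m.group(1).decode("ascii") for m in BANNER.finditer(data)}

def assess(data: bytes) -> dict:
    """Map each affected version found in data to the release that fixes it."""
    return {v: FIXED_BY[v] for v in versions_in(data) if v in FIXED_BY}

def scan(root: Path) -> dict:
    """Walk root and report files that embed an affected OpenSSL build."""
    findings = {}
    for path in root.rglob("*"):
        try:
            if path.is_file() and not path.is_symlink():
                hit = assess(path.read_bytes())
                if hit:
                    findings[str(path)] = hit
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
    return findings

# Constructed sample blobs standing in for binaries (not real files).
SAMPLE_VULN = b"\x7fELF\x00...\x00OpenSSL 1.0.2c 12 Jun 2015\x00..."
SAMPLE_FIXED = b"\x00OpenSSL 1.0.1p 9 Jul 2015\x00"

if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, fixes in scan(root).items():
        for found, target in sorted(fixes.items()):
            print(f"{name}: OpenSSL {found} is affected, upgrade to {target}")
```

A clean result is not proof of safety: stripped, packed or compressed firmware images may not expose the banner, so confirm with the vendor for devices you cannot inspect.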