OpenSSL, Used by Majority of HTTPS Websites, Announces Critical Vulnerability Fix in Advance

0

OpenSSL, the open-source cryptography library widely used on the Internet by servers and websites, has announced in advance an upcoming critical-rated vulnerability patch to be released on November 1, 2022.

What’s going on?

We don’t have many specific details about the OpenSSL vulnerability at the time of writing, but what we do know is that it affects OpenSSL version 3.0 or higher.

According to OpenSSL, critical severity means vulnerability, “affects common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities that can be easily exploited remotely to compromise private server keys or where remote code execution is considered likely in common situations.

Because OpenSSL is widely used, the vulnerability could have far-reaching impacts and be widely exploited by threat actors.

What is OpenSSL?

Encryption has become one of the most important tools for securing data, and SSL certificates are practically mandatory for any HTTPS (Hypertext Transfer Protocol Secure) website.

OpenSSL is a software library for applications that secure communications over networks, providing an open source application of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocol.

What does Nuspire do?

Nuspire does not use an affected version of OpenSSL.

What should I do?

We recommend that organizations use this time before the patch is released to inventory their technologies to determine if any are using OpenSSL version 3.0+. Once the patch, titled OpenSSL 3.0.7, is released on November 1, organizations should install it immediately on all affected technologies.

The OpenSSL post, used by the majority of HTTPS websites, announces a critical vulnerability patch in advance appeared first on Nuspire.

*** This is a Nuspire Security Bloggers Network syndicated blog written by the Nuspire team. Read the original post at: https://www.nuspire.com/blog/openssl-used-by-majority-of-https-websites-pre-announces-critical-vulnerability-patch/

Share.

Comments are closed.