Unknown High Severity Vulnerability to be patched by 19th March 2015
OpenSSL is an open-source implementation of the SSL and TLS protocols.
The OpenSSL project was founded in 1998 to invent a free set of encryption tools for the code used on the Internet. As of 2014 two thirds of all webservers use it.
These releases will be made available on 19th March,” Caswell wrote. They will fix a number of security defects. The highest severity defect fixed by these releases is classified as high severity.
Since the vulnerability has not been disclosed yet, specialist are speculating that it might be something to do with Heartbleed or/and Poodle bug.
OpenSSL Team had some hard time recently.
Last year in April, Heardbleed was discovered which essentially allowed hackers to reveal encrypted data.
In June another Man In The Middle Vulnerability was discovered but was fixed quickly, unlike Heartbleed it was not that dangerous, not dangerous enough to reveal encrypted data.
Few months later, Padding Oracle On Downgraded Legacy Encryption Vulnerability was discovered in SSL 3.0 Cryptography Protocol, which would allow hackers to decrypt secure website connection.
And now recently, another vulnerability named as Factoring Attack on RSA-EXPORT Keys, which would allow hackers the ability to downgrade to weaker ciphers, which would allow them to break it easily.
CII members commit to contributing $100,000 per year for at least three years so the total investment now stands at $5.4 million spread for that period.
