Crypto Flaw Prone to Spoofing

A new flaw in how some developers implement RSA cryptography has left OpenSSL and other applications vulnerable to attackers forging digital signatures and spoofing Websites as well as SSL clients.

OpenSSL, one of the most popular open cryptography toolkits, was the first to report the flaw in its RSA cryptography implementation, along with Fedora, which uses OpenSSL in Fedora Core 5 Linux. Security researchers say more disclosures are likely to follow soon from other open source and commercial software vendors. The flaw was originally discovered by Bell Labs researcher Daniel Bleichenbacher.

Source: Dark Reading - Desktop Security - Crypto Flaw Prone to Spoofing - Security News Analysis

Linked by shanmuga Tuesday, 12th September 2006 1:49AM