On January 28th, 2016, OpenSSL released a patch to update a high risk vulnerability. It was discovered and reported that prime “files may not be “safe”. Where an application is using DH configured with parameters based on primes that are not “safe” then an attacker could use this fact to find a peer’s private DH exponent.” You can read the full report here.
The new OpenSSL version, 1.0.2f has corrected the issue, so all users need to update in order to prevent potential threats to their products. The number of vulnerabilities that OpenSSL has had to correct continues to rise, presenting the question, what is the best source for product hardening in the marketplace?
Contact Corsec to learn more about alternative libraries that can protect your product and avoid costly and damaging attacks.