New SSL Vulnerability
Many popular applications, HTTP(S) and WebSocket transport libraries, and SOAP and REST Web-services middleware use SSL/TLS libraries incorrectly, breaking or disabling certificate validation. Their SSL and TLS connections are not authenticated, thus they -- and any software using them -- are completely insecure against a man-in-the-middle attacker.
Great research, and -- yes -- the vulnerability should be fixed, but it doesn't feel like a crisis issue.
Posted on November 7, 2012 at 1:39 PM