New SSL Vulnerability
It’s hard for me to get too worked up about this vulnerability:
Many popular applications, HTTP(S) and WebSocket transport libraries, and SOAP and REST Web-services middleware use SSL/TLS libraries incorrectly, breaking or disabling certificate validation. Their SSL and TLS connections are not authenticated, thus they—and any software using them—are completely insecure against a man-in-the-middle attacker.
Great research, and—yes—the vulnerability should be fixed, but it doesn’t feel like a crisis issue.
Leave a comment