The OpenSSL project released a new build yesterday that includes fixes for two vulnerabilities. CVE-2021-3449 allows a denial of service against servers. If a maliciously crafted renegotiation ClientHello is sent to the server without the signature_algorithms extension but with the signature_algorithms_cert extension, the server can crash. Exploiting this vulnerability to crash the server is trivial, especially if the vulnerable device is accessible from the Internet. CVE-2021-3450 affects both clients and servers. Due to improper validation, it is possible to issue certificates using a regular, non-Certificate Authority certificate.