22.Feb.2014
Finnish Amiga Users Group (ANF)
|
SSL vulnerabilities in Amiga software
Harry 'Piru' Sintonen reveals security issues on Amiga SSL implementations.
Critical vulnerabilities are found in IBrowse, SimpleMail and other programs.
Summary of the text file found at the title link:
- IBrowse 2.4 is vulnerable to Man in the Middle attacks (sslsniff)
- SimpleMail 0.40 is vulnerable to Man in the Middle attacks (sslsniff)
- AWeb and IBrowse 2.4 support insecure SSL 2.0 and weak ciphers, enabling trivial attacks against the encrypted traffic
- SimpleMail allows weak ciphers, enabling trivial attacks against the encrypted traffic.
- AmiSSL is based on old version of OpenSSL, and several security vulnerabilities have been found since
- YAM 2.9 has secure SSL implementation (barring the deficiencies in AmiSSL itself)
(snx)
[News message: 22. Feb. 2014, 20:50] [Comments: 0]
[Send via e-mail] [Print version] [ASCII version]
|
