SeaCat Technology and the Latest OpenSSL Update (1.1.0e)
February 21, 2017
OpenSSL released a new version on February 16, 2017. The new version fixed one high-severity issue regarding renegotiation of the Encrypt-then-MAC (EtM) extension, an approach to authenticated encryption. The vulnerability is identified as CVE-2017-3733. Several, not yet known, cipher suites are affected; therefore disabling affected cipher suites can not be used as a workaround.
TeskaLabs’ SeaCat technology uses the 1.0.2 series for its cryptography library, so this update does not affect our technology in any way.
Recommendation:
Your systems and applications are affected if they use OpenSSL 1.1.0 series. EtM is the strongest approach to authenticated encryption. We strongly recommend you to update to the latest version.
Your application developers or operators should inform you about update requirements. If you have any concern about the security of your systems, we are ready to help you.
If you have any question, please contact support@teskalabs.com. Alternatively, look at our documentation to know more about SeaCat application security technology.
Most Recent Articles
- A beginner-friendly intro to the Correlator for effective cybersecurity detection
- Inotify in ASAB Library
- From State Machine to Stateless Microservice
- Entangled ways of product development in the area of cybersecurity #3 - LogMan.io
- Entangled ways of product development in the area of cybersecurity #2 - BitSwan
You Might Be Interested in Reading These Articles
SeaCat Application Security Technology Is Not Impacted by the SWEET32 Issue (CVE-2016-2183)
The new vulnerability CVE-2016-2183 affects the 3DES block cipher in TLS and OpenVPN software. During an attack, attackers need to find a collision of block cipher initialization vector used at the beginning of the encrypted data stream and decrypt the traffic between the victim and the server.
Published on August 26, 2016
OpenSSL DROWN Vulnerability Affects Millions of HTTPS Websites and Software Supporting SSLv2 (CVE-2016-0800)
DROWN is caused by legacy OpenSSL SSLv2 protocol, known to have many deficiencies. Security experts have recommended to turn it off, but apparently many servers still support it because disabling SSLv2 requires non-default reconfiguration of the SSL cryptographic settings which is not easy for common IT people who have limited security knowledge and don’t know the location to disable this protocol and the way to disable it.
Published on April 12, 2016
TeskaLabs’ Technology SeaCat Unaffected by GNU C Library Security Vulnerability (CVE-2015-7547)
TeskaLabs, a Prague and London based startup in application security, today affirmed that their core products are not exposed to the GLibC flaw, a highly critical security vulnerability. There is now a rapidly growing number of IoT devices that use Linux as their operating system and inherently GLibC.
Published on February 17, 2016