Tripwire has released a free Python script that’s designed to help organizations determine if their servers are affected by the recently patched Man-in-the Middle (MitM) vulnerability in OpenSSL.
The ChangeCipherSpec (CCS) injection vulnerability (CVE-2014-0224) is said to have existed for more than 15 years and should be treated seriously. However, the vulnerability is not as dangerous as the Heartbleed bug, as an attacker needs to be able to position himself between the client and the server in order to decrypt or modify traffic.
The OpenSSL CSS inject test script from Tripwire can detect the existence of the OpenSSL security hole on servers running a wide range of configurations.
“It attempts to negotiate using each affected protocol version (SSLv3, TLSv1, TLSv1.1, and TLSv1.2) advertising a comprehensive set of ciphers,” Tripwire’s Craig Young explained in a blog post.
“This script is designed to recognize when an SSL server does not actively reject an early CCS message. This behavior is indicative of whether an OpenSSL library has been patched to enforce the proper message order,” Young noted.
Experts have highlighted the fact that servers running a version of OpenSSL prior to 1.0.1 are unlikely to be exploited, but users should ensure their systems are patched just to be safe.
The OpenSSL CCS Inject Test Script is available for download on Tripwire’s website.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
