OpenSSL Patches Serious Certificate Forgery Vulnerability

The developers of OpenSSL have released versions 1.0.2d and 1.0.1p to address a high severity vulnerability that can be exploited by an attacker to bypass certain untrusted certificate checks and issue invalid certificates.

The issue, described by OpenSSL as an alternative chain certificate forgery flaw (CVE-2015-1793), was introduced with OpenSSL versions 1.0.1n and 1.0.2b released last month.

According to an advisory published on Thursday morning, the vulnerability is related to the certificate verification process. If the first attempt to build a certificate chain fails, OpenSSL will try to identify an alternative chain.

“An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and ‘issue’ an invalid certificate,” the OpenSSL Project team explained. “This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.”
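The chain-building logic described above, modelled as an added example that is not OpenSSL's code: certificates are plain records, "issued by" is reduced to a subject/issuer name match (signature, validity and name-constraint checks are left out), and the PKI names are invented. It shows the fallback the advisory refers to, a first attempt through the untrusted certificates and an alternative attempt with a shorter chain, and that a check like the CA flag has to run on whichever chain is finally selected, so a leaf certificate is rejected as an issuer on the alternative path as well.

```python
"""Toy model of certificate chain building with an alternative-chain fallback.

Added example, not OpenSSL's code. Certificates are plain records and
"issued by" is modelled as a subject/issuer name match; real verifiers
check signatures, validity dates, name constraints and more. The point
shown is that policy checks such as the CA flag must be applied to the
chain that is finally selected, including a chain found on the alternative
attempt, so a leaf certificate can never serve as an issuer.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool  # X.509 basicConstraints CA flag


def _issuers_of(cert: Cert, pool: List[Cert]) -> List[Cert]:
    # Simplification: a name match stands in for signature verification.
    return [c for c in pool if c.subject == cert.issuer]


def build_chain(leaf: Cert, untrusted: List[Cert],
                trusted: List[Cert]) -> Optional[List[Cert]]:
    """Grow a chain from the leaf through the untrusted certificates, then try
    to anchor it in the trusted store. If the full chain cannot be anchored,
    retry with progressively shorter chains (the alternative-chain fallback)."""
    chain = [leaf]
    while True:
        candidates = _issuers_of(chain[-1], untrusted)
        if not candidates or candidates[0] in chain:
            break  # no further untrusted issuer, or a loop
        chain.append(candidates[0])

    for cut in range(len(chain), 0, -1):
        partial = chain[:cut]
        anchors = _issuers_of(partial[-1], trusted)
        if anchors:
            return partial + [anchors[0]]
    return None


def verify_chain(chain: Optional[List[Cert]]) -> Tuple[bool, str]:
    """Policy checks on whichever chain was selected: every certificate above
    the leaf must carry the CA flag. Skipping this on the alternative chain is
    the kind of gap that lets a leaf 'issue' certificates."""
    if chain is None:
        return False, "no path to a trusted root"
    for depth, cert in enumerate(chain[1:], start=1):
        if not cert.is_ca:
            return False, f"{cert.subject} at depth {depth} is not a CA"
    return True, "ok"


def verify(leaf: Cert, untrusted: List[Cert],
           trusted: List[Cert]) -> Tuple[bool, str]:
    return verify_chain(build_chain(leaf, untrusted, trusted))


# Constructed sample PKI (all names are invented for this example).
OLD_ROOT = Cert("Old Root", "Old Root", True)            # retired root
NEW_ROOT = Cert("New Root", "New Root", True)            # self-signed, trusted
CROSS = Cert("New Root", "Old Root", True)               # cross-signed copy of New Root
SITE = Cert("site.example", "New Root", False)           # legitimate leaf
FORGED = Cert("victim.example", "site.example", False)   # 'issued' by the leaf above

if __name__ == "__main__":
    # The server sends the cross-signed cert; Old Root is not trusted, so the
    # first attempt fails and the alternative chain [SITE, NEW_ROOT] is found.
    print(verify(SITE, [CROSS], [NEW_ROOT]))
    # Same fallback, but the chain passes through a non-CA leaf: rejected.
    print(verify(FORGED, [SITE, CROSS], [NEW_ROOT]))
```

The second call is the case the advisory describes: the forged certificate only reaches a trusted root via the alternative chain, and it is the CA-flag check on that selected chain, not the chain-building step, that stops a leaf from acting as a CA.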

The vulnerability was reported to the developers of the SSL/TLS toolkit on June 24 by Google’s Adam Langley and David Benjamin, who both work on BoringSSL, the search giant’s own version of OpenSSL. OpenSSL developers noted that the fix for CVE-2015-1793 was developed by members of the BoringSSL project.

This bug affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. It does not impact the 1.0.0 or 0.9.8 releases, OpenSSL said. Users of OpenSSL 1.0.2b and 1.0.2c are advised to upgrade their installations to version 1.0.2d, while OpenSSL 1.0.1n and 1.0.1o users should upgrade to version 1.0.1p.

“Exploiting the OpenSSL vulnerability (CVE-2015-1793) is not quick or easy, making it nowhere near as serious as Heartbleed. For starters, an attacker can’t simply directly attack a vulnerable server due to the nature of the vulnerability,” Veracode’s VP of Research, Chris Eng, told SecurityWeek. “Going after an individual is also challenging since the major browsers – Chrome, Firefox, IE – don’t use OpenSSL. Even if a user with a vulnerable niche browser were to be targeted, the culprit would have to first deploy a man-in-the-middle (MitM) attack to get access to the browser itself. From there, they would need to serve a forged certificate to the browser directly.”

“Since the bug only affects a few OpenSSL versions that were released in June 2015, major operating systems like RHEL, Ubuntu and CentOS are not vulnerable since they hadn’t yet incorporated the problematic updates at time of release. To be clear, this is a bad vulnerability and a nice find by the BoringSSL team; however, the overall impact is expected to be minimal,” Eng added.

OpenSSL developers also took this opportunity to remind users that versions 1.0.0 and 0.9.8 will no longer be supported as of December 31, 2015. After this date, security updates will not be provided for these versions.

OpenSSL consists of more than 500,000 lines of code, which makes it difficult to maintain, and researchers constantly uncover security flaws in it.

None of the recently patched bugs are as serious as Heartbleed, the OpenSSL weakness that exposed millions of websites last year. However, since another Heartbleed could be discovered at any moment, experts are advising users to consider alternatives.

One alternative would be Amazon’s s2n, a new open source implementation of TLS designed to be simple, small, fast, and secure. s2n consists of only 6,000 lines of code and it has already undergone three external security evaluations and penetration tests. Amazon plans on integrating s2n into several AWS services in the upcoming period.

*Updated with information from Chris Eng.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
