OpenSSL < 0.9.8j Signature Spoofing
Medium Nessus Plugin ID 17762
SynopsisThe remote server is affected by a signature validation bypass vulnerability.
DescriptionAccording to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8j.
A remote attacker could implement a man-in-the-middle attack by forging an SSL/TLS signature using DSA and ECDSA keys which bypass validation of the certificate chain.
SolutionUpgrade to OpenSSL 0.9.8j or later.