DigiCert Blog

All posts under: Vulnerabilities

  1. This POODLE Bites: New Vulnerability Found on Servers

    Today, Google announced a vulnerability in the implementation of the SSL 3.0 protocol, potentially compromising secure connections online. DigiCert and other security experts are recommending system administrators disable SSL 3.0 on their servers and use TLS 1.1 or 1.2. This vulnerability does not affect SSL Certificates. There is no need to renew, reissue, or reinstall any…


  2. Shellshock Bash Bug: What You Need to Know

    Currently known as ‘Shellshock’ or ‘the bash bug,’ the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) affects almost all Linux, UNIX, and Mac OS X operating systems (which are based on UNIX). Administrators are being urged to patch immediately as the bug is widespread, extremely serious, and attacks exploiting it are easy to implement. There…


  3. Android Browser Bug Allows Same Origin Policy Bypass

    The AOSP browser in pre-4.4 Android devices contains a vulnerability that allows hackers to see the contents of other web pages that are open during a browser session. This vulnerability affects a huge number of Android devices in use right now, and there is even a Metasploit module to exploit it. “This is a privacy…


  4. New OpenSSL Security Updates, No Major Security Threats

    On August 6, 2014, developers at OpenSSL released new updates resolving nine previously reported security issues categorized with a severity of moderate or less. This next round of updates to the widely used OpenSSL library, which most servers on the Internet rely on to implement secure SSL/TLS connections, shows that the project is actively promoting…


  5. OpenSSL Developers Release Update to Fix Known Vulnerabilities

    The OpenSSL project developers have released new patches resolving vulnerabilities in their software. Unlike Heartbleed, this OpenSSL update does not affect SSL Certificates. Administrators are strongly advised to update their systems to the latest version of OpenSSL in order to ensure that communication between clients and servers remains secure. The possible vulnerability, known as CCS…