New OpenSSL flaw found: Could this be the next Heartbleed bug?

The OpenSSL Project team has issued a warning about a new “high severity” flaw. More details about the flaw will be rolled out on Thursday.

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as ‘high’ severity. This defect does not affect the 1.0.0 or 0.9.8 releases.” This alert and update information was released on Monday.

The OpenSSL is a global community of volunteers that are working towards developing an open source toolkit that include Secure Sockets Layer (SSL), Transport Layer Security (TLS) protocols and also has a strong general purpose cryptography library. This open source toolkit is meant to be a full-feature, commercial grade toolkit.

This new alert has got the entire industry talking because of the 2014 OpenSSL-Heartbleed connection. At the 2014 Codenomicon, the security engineers found a bug that could give the hackers access to all the user passwords. But that wasn’t the end of the story. The bug could also allow the hackers to trick the users into using fake versions of popular websites.

That bug was then called Heartbleed that affected most of the Internet.

Tim Erlin, director of IT security and risk strategy at the advanced threat protection firm Tripwire says “A huge part of the heartburn with Heartbleed came from the scramble to identify where organisations were vulnerable and how to apply patches. In this case, a little organisation can go a long way to a smoother patching cycle.”

He further says “Software vendors who use OpenSSL can be prepared to patch their code and shop new versions faster, and end-users can inventory where they have OpenSSL and set up appropriate testing environments ahead of time.”