An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737)

OpenSSL is a widely used library for SSL and TLS protocol implementation that secures data using encryption and decryption based on cryptographic functions. However, a Security Bypass vulnerability – recently addressed in a patch by the OpenSSL Project –can be exploited to make vulnerable SSL clients or remote SSL servers send clean application data without encryption.

This Security Bypass vulnerability (CVE-2017-3737) is caused by an error when the SSL_read or SSL_write function handles an “error state” during an SSL handshake…

Article Link: https://blog.fortinet.com/2018/01/12/an-analysis-of-the-openssl-ssl-handshake-error-state-security-bypass-cve-2017-3737