A security researcher has discovered a new, remotely exploitable vulnerability in OpenSSL that could let an attacker intercept and decrypt traffic between vulnerable clients and servers. The Heartbleed flaw in the popular OpenSSL Internet security protocol, found earlier this year, forced many website operators to update their software and advise millions of users to change their passwords. The new vulnerability—which Masashi Kikuchi, a researcher with IT consultancy Lepidum Co., found—affects all OpenSSL versions. To exploit the bug, an attacker must first have a man-in-the-middle position on a network. (SlashDot)(Threat Post)(Computerworld)(OpenSSL Security Advisory)(Lepidium Co.)
