Version 1.0.0c of OpenSSL was recently released, fixing two vulnerabilities.

"A flaw in an older workaround for Netscape browsers and servers can be remotely exploited to make an OpenSSL server downgrade the ciphersuite to a weaker one for subsequent connections," according to The H Security.

"Another flaw in the implementation of the 'Password Authenticated Key Exchange by Juggling' protocol allows intruders to authenticate themselves without a secret key," the article states.
