A new flaw in how some developers implement RSA cryptography has left OpenSSL and other applications vulnerable to attackers forging digital signatures and spoofing Websites as well as SSL clients.

OpenSSL, one of the most popular open cryptography toolkits, was the first to report the flaw in its RSA cryptography implementation, along with Fedora, which uses OpenSSL in Fedora Core 5 Linux, but security researchers say there will likely be more disclosures soon from other open source as well as commercial software vendors. The flaw was originally discovered by Bell Labs researcher Daniel Bleichenbacher. "It's particularly worrisome to think that some hardware-accelerated appliances may be hardwired into being vulnerable to the attack" as well, says Thomas Ptacek, a researcher with Matasano Security.

The link for this article located at DarkReading is no longer available.