OpenSSL V3 Vulnerability

As you may have seen, the latest in the world’s vulnerability nightmares is around OpenSSL. Whilst many will push for chaos, it may not be the case.

As GossiTheDog shared, Wiz.io found that a small portion of their customers used v3+.

https://www.wiz.io/blog/critical-openssl-vulnerability-everything-you-need-to-know

Should I panic?

It really depends on your infrastructure, but a simple check would be to load cmd.exe or Terminal and run:

OpenSSL Version

If it outputs anything v3+, you will need to watch for more information on v3.0.7

For those that have enterprise systems, here are a few blogs to read:

Qualys: vulnerabilities.vulnerability.qid:38879

CrowdStrike

Microsoft

Snyk.io

— More information to come —

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: