Do you want to remove all your recent searches?

All recent searches will be deleted


2 years ago170 views

This video shows a private tool exploiting a vulnerability in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a that allows a remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. When successfully exploited, this vulnerability causes the server to crash or slow down.

In this video the attack is launched against a test service run through "openssl s_server" but any TLS/SSL service using a vulnerable version of openssl is affected (exim, dovecot, sendmail, etc...)

Report this video

Select an issue

Embed the video

<iframe frameborder="0" width="480" height="270" src="//" allowfullscreen allow="autoplay"></iframe>
Add the video to your site with the embed code above