Back

Server Certificate Validation Through OCSP Stapling

By
Jijith Rajan
Published on
02 Apr 2022
Vulnerability

SSL Certificates are data files that bind a cryptographic key. There are servers that uses vulnerable versions of openSSL. This may lead to OCSP stapling vulnerability. The old versions of OpenSSL allow remote attackers to successfully attempt a denial of service. The attacker can also possibly get sensitive information in a web application. This can be done by using a vulnerable/improper ClientHello handshake message. This message will trigger out-of-bounds memory access.

Impact

The impact include:-

  • Denial of service
  • OCSP Stapling

Mitigation / Precaution

This vulnerability can be fixed by:-

  • Updating the OpenSSL to Latest version
  • Upgrading the version
  • If it is not immediately possible, patch the source code for OCSP Stapling
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Product tour
Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Start free trial
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.
Product tour