Hacker News

How would you exploit this? What can you gain if you're already able to supply OpenSSL with a private key? Is there a way to supply or tamper with private keys remotely?


I imagine you could exploit neighbors—if, for instance, a load balancer serves multiple clients and allows uploading private keys, this could allow snooping their traffic AS a client.


I'm sure there is some PaaS type system that lets users upload their own keys.



