OPENSSL VULNERABILITIES – CVE-2016-2108 & CVE-2016-2107 On 3rd May 2016, OpenSSL released patches for two high severity bugs (CVE-2016-2108 & CVE-2016-2107), and 4 low severity ones. CVE-2016-2107 is an OpenSSL bug which allows a man-in-the-middle (MITM) attacker to use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the […]