OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities

Versions of OpenSSL earlier than 0.9.8q and 1.0.0c are potentially affected by multiple vulnerabilities :

• It may be possible to downgrade the ciphersuite to a weaker version by modifying the stored session cache cipher suite.

• An error exists in the J-PAKE implementation which could lead to successful validation by someone with no knowledge of the shared secret.