SecurityCenter and PVS are potentially impacted by a vulnerability in OpenSSL that was recently disclosed and fixed. Note that due to the time involved in doing a full analysis of the issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time.

OpenSSL crypto/x509/x509_vfy.c X509_verify_cert() Function Alternative Certificate Chain Handling Certificate Validation Bypass

OpenSSL contains a flaw in the X509_verify_cert() function in crypto/x509/x509_vfy.c that is triggered when locating alternate certificate chains in cases where the first attempt to build such a chain fails. This may allow a remote attacker to cause certain certificate checks to be bypassed, leading to an invalid presented certificate being considered as valid.

Please note that Tenable strongly recommends that SecurityCenter and PVS be installed on a subnet that is not Internet addressable.