US-CERT is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, allowing an attacker to inject plaintext into the beginning of the application protocol stream.

US-CERT encourages OpenSSL users and administrators to review the OpenSSL 0.9.81 release and apply any updates.

US-CERT has not received any reports of active exploitation and will continue to provide additional information as it becomes available.