Some South Korean financial firms may be vulnerable to security breaches because they use an open source operating protocol that can expose customers' passwords and encryption keys, local regulators said Wednesday.

   The Financial Information Sharing and Analysis Center (ISAC), which assesses the security systems of local firms, said it found weaknesses in 12 of the 142 financial institutions assessed.

   Of the 12, 10 reported taking steps to rectify the problem, with two vowing to fix the weakness within the week.

   It said the 12 firms cited were vulnerable because they used an open secure sockets layer (SSL) in their security encryption systems. Open SSL is a program that secures and certifies online transactions between personal computers and Web servers used by financial firms.

   ISAC, set up under the Korea Financial Telecommunication and Clearings Institute, said that depending on the version used, there have been instances of passwords and encryption keys being leaked or stolen.

   Security for financial firms is a big issue in the country, with several high-profile hacking incidents hurting the credibility of some banks. (Yonhap)