CRIME-Vulnerability/EN


Check for the CRIME vulnerability

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive: Not vulnerable to CRIME
Result negative: Vulnerable to CRIME
Description: The server is vulnerable to CRIME. This allows an attacker to decode the communication.
Background: The exploited vulnerability ([1]) is a combination of a chosen-plaintext attack and unintentional information leakage caused by data compression. CRIME can be prevented by disabling compression, either on the client side, where the browser disables the compression of SPDY requests, or by the website, which prevents the use of data compression for such transactions using the protocol negotiation features of the TLS protocol.
Consequence: The server is vulnerable through a security flaw that allows an attacker to decrypt the communication.
Solution/Tips: The CRIME vulnerability can be defeated by preventing the use of compression, either on the client side, where the browser disables the compression of SPDY requests, or by the website, which prevents the use of data compression for such transactions using the protocol negotiation features of the TLS protocol. Deactivate TLS compression on your server.
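
The information leakage named in the Background row, and why switching compression off removes it, can be seen in a small added example (not part of the original page). It assumes a constructed cookie and host name, uses zlib as a stand-in for TLS compression, and models the size of the encrypted record as the size of the plaintext handed to the cipher.

```python
import zlib

# Constructed sample value; not taken from any real site.
SECRET_COOKIE = "sessionid=7f3a9c2e41d8b6a0"


def build_request(guess: str) -> bytes:
    """Request in which the path is chosen by a third party and the
    Cookie header is added by the browser."""
    return (
        f"GET /?{guess} HTTP/1.1\r\n"
        "Host: shop.example\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode()


def record_length(guess: str, compression: bool) -> int:
    """Size visible on the wire: encryption hides the content of a
    record but not how long it is."""
    plaintext = build_request(guess)
    return len(zlib.compress(plaintext)) if compression else len(plaintext)


def leak(compression: bool) -> int:
    """Size difference between a wrong and a correct guess of equal length.
    Any non-zero value means the record length depends on the secret."""
    right = record_length("sessionid=7f3a9c2e", compression)
    wrong = record_length("sessionid=0b5d2e9a", compression)
    return wrong - right


if __name__ == "__main__":
    print("compression on :", leak(True), "bytes difference")
    print("compression off:", leak(False), "bytes difference")
```

With compression off both requests have the same length, which is the state the Solution/Tips row asks for.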