Invalid-Curve-Vulnerability/EN

Aus Siwecos
Wechseln zu: Navigation, Suche

Check for the Invalid Curve vulnerability.

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Not vulnerable to Invalid Curve attacks.
Result negativ Vulnerable to Invalid Curve attacks.
Description The server is vulnerable to an Invalid Curve attack. This allows an attacker to steal the private key of your certificate.
Background For cryptographic encryption, elliptic curves must be selected very carefully because the keys are created from certain points on a curve, which is not easy to do.
Consequence The server is vulnerable through an implementation vulnerability that allows an attacker to decrypt the communication and to steal the private key of your certificate.
Solution/Tips If vulnerability was reported, update your TLS implementation on your server immediately.