Invalid-Curve-Vulnerabilty-IMAP/EN
Check for Invalid Curve Vulnerability
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | Not vulnerable to Invalid Curve Attacks. |
Result negativ | Vulnerable to Invalid Curve Attacks. |
Description | The server is vulnerable to an Invalid Curve attack. This allows an attacker to steal the secret key of your certificate. After that, all your future connections will also be compromised, as well as parts of your past communication. |
Background | For cryptographic encryption, elliptical curves must be selected very carefully, since keys are created from certain curve points, which is not so easy. |
Consequence | The server is vulnerable to an implementation vulnerability that allows an attacker to decrypt the communication and steal the private key of your certificate. |
Solution/Tips | If vulnerabilities have been reported, immediately install an update to your TLS implementation on your server. You should also replace your certificate, as it may already have been compromised. |