PADDING-ORACLE-Vulnerability-POP3S/EN/Background

Aus Siwecos
Wechseln zu: Navigation, Suche

The Padding-Oracle attack can be used by attackers to attack secured connections. It establishes a connection to the server and sends very specially prepared encrypted messages. These messages are almost correctly encrypted, but have errors in critical positions. A server that receives such a message must always reject these messages in the same way. An attacker evaluates the error messages sent and can use this information to partially decrypt the connection to the server, making the connection insecure.