CRIME-Vulnerability/EN

Aus Siwecos
Version vom 3. April 2019, 15:06 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Check for the CRIME vulnerability

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Not vulnerable to Crime
Result negativ Vulnerable to Crime
Description The server is vulnerable to Crime. This allows an attacker to decode the communication.
Background The CRIME attack takes advantage of the fact that data compression can change the length of encrypted messages, and this provides conclusions about the plain text. This can be used by a skilled attacker to steal cookies, for example.
Consequence The server is vulnerable through a security flaw that allows an attacker to decrypt the communication.
Solution/Tips CRIME can be prevented by disabling the use of compression of data in TLS. Disable TLS Compression on your server.