Early-CCS-Vulnerability-SMTP MSA/EN

Aus Siwecos
Version vom 7. Mai 2020, 10:39 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Check for Early CCS Vulnerability

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Not vulnerable to Early CCS vulnerability.
Result negativ Vulnerable to Early CCS vulnerability.
Description The server is vulnerable to the Early-CCS vulnerability. This vulnerability allows an attacker to decrypt communication and read user input such as passwords under special circumstances.
Background The Early CCS vulnerability is an implementation vulnerability in a 2014 TLS software library. If you are affected by this vulnerability, you should urgently update your software. The vulnerability is relatively minor, but a clear indicator that you have not updated your software for at least 5 years and are therefore affected by more serious attacks.
Consequence The server is vulnerable to a vulnerability that allows an attacker to decrypt the communication in special situations. The software used is obsolete.
Solution/Tips If vulnerability has been reported, immediately install an update to your TLS implementation on your server.