Early-CCS-Vulnerability/EN

Aus Siwecos
Version vom 7. Mai 2020, 10:39 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Check for Early-CCS Vulnerability

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Not vulnerable to Early-CCS vulnerability.
Result negativ Vulnerable to Early-CCS vulnerability.
Description The server is vulnerable to the Early-CCS vulnerability. This vulnerability allows an attacker to decrypt communication and read user input such as passwords under special circumstances.
Background The Early-CCS vulnerability is an implementation vulnerability in a 2014 TLS software library. If you are affected by this vulnerability, you should urgently update your software. The vulnerability is relatively minor, but a clear indicator that you have not updated your software for at least 5 years and are therefore affected by more serious attacks.
Consequence The server is vulnerable to a vulnerability that allows an attacker to decrypt the communication in special situations. The software used is obsolete.
Solution/Tips If vulnerability has been reported, immediately install an update to your TLS implementation on your server.