Early-CCS-Vulnerability/EN
Version vom 7. Mai 2020, 10:39 Uhr von Siwebot (Diskussion | Beiträge)
Check for Early-CCS Vulnerability
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | Not vulnerable to Early-CCS vulnerability. |
Result negativ | Vulnerable to Early-CCS vulnerability. |
Description | The server is vulnerable to the Early-CCS vulnerability. This vulnerability allows an attacker to decrypt communication and read user input such as passwords under special circumstances. |
Background | The Early-CCS vulnerability is an implementation vulnerability in a 2014 TLS software library. If you are affected by this vulnerability, you should urgently update your software. The vulnerability is relatively minor, but a clear indicator that you have not updated your software for at least 5 years and are therefore affected by more serious attacks. |
Consequence | The server is vulnerable to a vulnerability that allows an attacker to decrypt the communication in special situations. The software used is obsolete. |
Solution/Tips | If vulnerability has been reported, immediately install an update to your TLS implementation on your server. |