Insecure-Encryption-Function RC4/EN: Unterschied zwischen den Versionen
| Zeile 14: | Zeile 14: | ||
| − | [[Category:Siwecos-Scanner]] | + | [[Category:Siwecos-Scanner/EN]] |
{{:{{PAGENAME}}/Category}} | {{:{{PAGENAME}}/Category}} | ||
[[Category:Glossar]] | [[Category:Glossar]] | ||
Version vom 13. März 2019, 16:09 Uhr
Check for RC4 encryption method
| Check | Outdated RC4 encryption supported |
| Beschreibung | Your web server/website is configured to continue supporting the RC4 encryption feature, which is now considered insecure. This weakens your connections and can lead to an attacker decrypting your data. |
| Hintergrund | The long-established encryption algorithm RC4 has been considered insecure for many years. Security researchers are aware of many critical gaps. In 2015, the IETF (Internet Engineering Task Force) banned the use of RC4 for TLS Connections in RFC7465. |
| Auswirkung | Attackers can use RC4 encryption to potentially decrypt the communication between your website and your customer's browser, as RC4 has known vulnerabilities. This can be used to read passwords, form data or credit card information and misuse them for criminal purposes. |
| Lösung / Tipps | If Outdated RC4 encryption supported was reported, deactivate support for the RC4 encryption. |
