Invalid-Curve-Vulnerability/EN

Aus Siwecos
Wechseln zu: Navigation, Suche

Check for the Invalid Curve vulnerability.

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Not vulnerable to Invalid Curve attacks.
Result negativ Vulnerable to Invalid Curve attacks.
Description The server is vulnerable to an Invalid Curve attack. This allows an attacker to steal the secret key of your certificate. After that, all your future connections will also be compromised, as well as parts of your past communication.
Background For cryptographic encryption, elliptic curves must be selected very carefully because the keys are created from certain points on a curve, which is not easy to do.
Consequence The server is vulnerable through an implementation vulnerability that allows an attacker to decrypt the communication and to steal the private key of your certificate.
Solution/Tips If vulnerabilities have been reported, immediately install an update to your TLS implementation on your server. You should also replace your certificate, as it may already have been compromised.