PADDING-ORACLE-Vulnerability-IMAPS/EN: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „=== {{:{{PAGENAME}}/Headline}} === If the result is positive, there is no need for further action. If the result is negative, please read the following inst…“) |
|||
| Zeile 1: | Zeile 1: | ||
| + | |||
=== {{:{{PAGENAME}}/Headline}} === | === {{:{{PAGENAME}}/Headline}} === | ||
Aktuelle Version vom 7. Mai 2020, 10:40 Uhr
Check for Padding Oracle Vulnerability
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
| Result positive | Not vulnerable to Padding Oracle Attacks. |
| Result negativ | Vulnerable to Padding Oracle Attacks. |
| Description | The server is vulnerable to a Padding-Oracle attack, which allows an attacker to decrypt the communication. |
| Background | The Padding-Oracle Attack can be used by attackers to attack secured connections. It establishes a connection to the server and sends very specially prepared encrypted messages. These messages are almost correctly encrypted, but have errors in critical positions. A server that receives such a message must always reject these messages in the same way. An attacker evaluates the error messages sent and can use this information to partially decrypt the connection to the server, making the connection insecure. |
| Consequence | The server is vulnerable to an implementation vulnerability that allows an attacker to decrypt the communication. |
| Solution/Tips | If vulnerability has been reported, immediately install an update for your TLS implementation on your server. |
