Padding-Oracle-Vulnerability/EN: Unterschied zwischen den Versionen
Zeile 1: | Zeile 1: | ||
− | === | + | === {{:{{PAGENAME}}/Headline}} === |
{| class="wikitable" | {| class="wikitable" |
Version vom 26. März 2019, 11:10 Uhr
Check for the Padding Oracle vulnerability.
Check | Vulnerable to Padding Oracle attacks. |
Description | The server is vulnerable to a Padding Oracle attack, which allows an attacker to decrypt the communication. |
Background | A Padding Oracle attack is a cryptographic attack that decrypts an encrypted message. For this he sets up a connection to the server and sends very specially prepared encrypted messages. These messages are almost correctly encrypted, but have incorporated errors at crucial positions. A server receiving such a message must always reject these messages in the same way. An attacker evaluates the sent error messages and can use These informations, if necessary, to partially decrypt the connection to the server, which makes the connection unsafe. |
Consequence | The server is vulnerable through an implementation vulnerability that allows an attacker to decrypt the communication. |
Solution/Tips | If vulnerability was reported, update your TLS implementation on your server immediately. |