Padding-Oracle-Vulnerability/EN

Aus Siwecos
Version vom 7. Mai 2020, 10:40 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Check for the Padding Oracle vulnerability.

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Not vulnerable to Padding Oracle attacks.
Result negativ Vulnerable to Padding Oracle attacks.
Description The server is vulnerable to a Padding Oracle attack, which allows an attacker to decrypt the communication.
Background A Padding Oracle attack is a cryptographic attack that decrypts an encrypted message. For this he sets up a connection to the server and sends very specially prepared encrypted messages. These messages are almost correctly encrypted, but have incorporated errors at crucial positions. A server receiving such a message must always reject these messages in the same way. An attacker evaluates the sent error messages and can use These informations, if necessary, to partially decrypt the connection to the server, which makes the connection unsafe.
Consequence The server is vulnerable through an implementation vulnerability that allows an attacker to decrypt the communication.
Solution/Tips If vulnerability was reported, update your TLS implementation on your server immediately.