SSL/TLS Protocol Vulnerability

Last Update Date: 3 Oct 2011 Release Date: 30 Sep 2011 6000 Views

RISK: Medium Risk

Medium Risk

TYPE: Attacks - Other

TYPE: Other

A vulnerability has idenitied in SSL/TLS using Cypher Block Chaining (CBC), which can be exploited by malicious people to conduct Man-in-the-middle attack to decrypt encrypted SSL/TLS traffic and obtain sensitive information.

 

A proof of concept attack had released.

Impact

  • Information Disclosure

System / Technologies affected

  • Any Internet software and network devices using the cipher suites of SSL v3.0/TLS v1.0 with CBC mode.

 

Solutions

  • For General user
    • Use web browsers which do not affected by this vulnerability, e.g. Firefox, Google Chrome v14 or above, Opera v11.51 or above
    • Enable support for TLS v1.1 and/or TLS v1.2 in the web browsers
  • For IT Administrator
    • Disable those ciphers utilise Cypher Block Chaining (CBC)
    • Enable support for TLS v1.1 in server software/network device
    • Prioritize the use of the RC4 algorithm over block ciphers in server software

    Remark: Please test the setting before apply it.

 

Vulnerability Identifier

 

Source

 

Related Link

Share with

Previous

Apache HTTPD Range header vulnerability

29 Aug 2011 6621 Views

Next

VMware Workstation / Player / Fusion UDF Filesystem Handling Buffer Overflow Vulnerability

6 Oct 2011 5365 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY