CRIME-Vulnerability/EN: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „=== <span style="color:#c31622">{{:{{PAGENAME}}/Headline}}<span>=== {| class="wikitable" |'''Check'''|| {{:{{PAGENAME}}/Negative}} |- |'''Beschreibung'''…“) |
|||
Zeile 15: | Zeile 15: | ||
[[Category:Siwecos-Scanner]] | [[Category:Siwecos-Scanner]] | ||
− | + | {{:{{PAGENAME}}/Category}} | |
[[Category:Glossar]] | [[Category:Glossar]] |
Version vom 8. März 2019, 09:20 Uhr
Check for the CRIME vulnerability
Check | Vulnerable to Crime |
Beschreibung | The server is vulnerable to Crime. This allows an attacker to decode the communication. |
Hintergrund | The CRIME attack takes advantage of the fact that data compression can change the length of encrypted messages, and this provides conclusions about the plain text. This can be used by a skilled attacker to steal cookies, for example. |
Auswirkung | The server is vulnerable through a security flaw that allows an attacker to decrypt the communication. |
Lösung / Tipps | CRIME can be prevented by disabling the use of compression of data in TLS. Disable TLS Compression on your server. |