Early-CCS-Vulnerability-SMTP MSA/EN
Version vom 26. Oktober 2019, 13:09 Uhr von Siwebot (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=== {{:{{PAGENAME}}/Headline}} === If the result is positive, there is no need for further action. If the result is negative, please read the following inst…“)
Check for Early CCS Vulnerability
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | Not vulnerable to Early CCS vulnerability. |
Result negativ | Vulnerable to Early CCS vulnerability. |
Description | The server is vulnerable to the Early-CCS vulnerability. This vulnerability allows an attacker to decrypt communication and read user input such as passwords under special circumstances. |
Background | The Early CCS vulnerability is an implementation vulnerability in a 2014 TLS software library. If you are affected by this vulnerability, you should urgently update your software. The vulnerability is relatively minor, but a clear indicator that you have not updated your software for at least 5 years and are therefore affected by more serious attacks. |
Consequence | The server is vulnerable to a vulnerability that allows an attacker to decrypt the communication in special situations. The software used is obsolete. |
Solution/Tips | If vulnerability has been reported, immediately install an update to your TLS implementation on your server. |