Early-CCS-Vulnerability/EN
Version vom 7. Mai 2020, 11:39 Uhr von Siwebot (Diskussion | Beiträge)
Check for Early-CCS Vulnerability
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
| Result positive | Not vulnerable to Early-CCS vulnerability. |
| Result negativ | Vulnerable to Early-CCS vulnerability. |
| Description | The server is vulnerable to the Early-CCS vulnerability. This vulnerability allows an attacker to decrypt communication and read user input such as passwords under special circumstances. |
| Background | The Early-CCS vulnerability is an implementation vulnerability in a 2014 TLS software library. If you are affected by this vulnerability, you should urgently update your software. The vulnerability is relatively minor, but a clear indicator that you have not updated your software for at least 5 years and are therefore affected by more serious attacks. |
| Consequence | The server is vulnerable to a vulnerability that allows an attacker to decrypt the communication in special situations. The software used is obsolete. |
| Solution/Tips | If vulnerability has been reported, immediately install an update to your TLS implementation on your server. |
