PADDING-ORACLE-Vulnerability-IMAPS/EN

From Siwecos
Revision as of 7 May 2020, 10:40 by Siwebot

Check for Padding Oracle Vulnerability

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive: Not vulnerable to Padding Oracle attacks.
Result negative: Vulnerable to Padding Oracle attacks.
Description: The server is vulnerable to a Padding-Oracle attack, which allows an attacker to decrypt the communication.
Background: The Padding-Oracle attack can be used against secured connections. The attacker establishes a connection to the server and sends specially prepared encrypted messages. These messages are almost correctly encrypted but contain errors at critical positions. A server that receives such messages must always reject them in the same way. If it does not, an attacker can evaluate the error messages sent and use this information to partially decrypt the connection to the server, making the connection insecure.
Consequence: The server is vulnerable to an implementation vulnerability that allows an attacker to decrypt the communication.
Solution/Tips: If a vulnerability has been reported, immediately install an update for the TLS implementation on your server.
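The Background entry requires the server to reject every malformed message in the same way. The following is an added example, not Siwecos code, showing how a check of that kind can classify recorded server responses. The vector names, fingerprint strings and the rule that unstable repetitions count as inconclusive are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not real scan output). Each tuple is
# (kind of malformed record sent, fingerprint of the server's reaction).
# Both the vector names and the fingerprint strings are hypothetical labels.
SAMPLE_UNIFORM = [
    ("invalid_padding", "alert:bad_record_mac,close"),
    ("invalid_mac", "alert:bad_record_mac,close"),
    ("invalid_padding", "alert:bad_record_mac,close"),
    ("invalid_mac", "alert:bad_record_mac,close"),
]
SAMPLE_ORACLE = [
    ("invalid_padding", "tcp_reset"),
    ("invalid_mac", "alert:bad_record_mac,close"),
    ("invalid_padding", "tcp_reset"),
    ("invalid_mac", "alert:bad_record_mac,close"),
]
SAMPLE_NOISY = [
    ("invalid_padding", "alert:bad_record_mac,close"),
    ("invalid_padding", "timeout"),
    ("invalid_mac", "alert:bad_record_mac,close"),
    ("invalid_mac", "alert:bad_record_mac,close"),
]


def classify(observations, min_repeats=2):
    """Return 'not vulnerable', 'vulnerable' or 'inconclusive'."""
    seen = defaultdict(list)
    for vector, fingerprint in observations:
        seen[vector].append(fingerprint)
    # At least two kinds of malformed record are needed for a comparison,
    # and each must be repeated often enough to judge its stability.
    if len(seen) < 2 or any(len(v) < min_repeats for v in seen.values()):
        return "inconclusive"
    # A vector whose own repetitions disagree points to noise (for example
    # packet loss), so no verdict is drawn from it (conservative assumption).
    if any(len(set(v)) > 1 for v in seen.values()):
        return "inconclusive"
    # Every vector is stable: the server is uniform only if all vectors
    # produced the same fingerprint.
    distinct = {v[0] for v in seen.values()}
    return "vulnerable" if len(distinct) > 1 else "not vulnerable"


if __name__ == "__main__":
    for name in ("SAMPLE_UNIFORM", "SAMPLE_ORACLE", "SAMPLE_NOISY"):
        print(name, "->", classify(globals()[name]))
```

A "not vulnerable" verdict corresponds to the positive result above, and "vulnerable" to the negative one.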