The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is a fallback attack that tries to downgrade the TLS protocol version in use. Learn how to prevent SSL POODLE in this article.
FREAK (Factoring RSA Export Keys) is a vulnerability in the weak export cipher suites of SSL/TLS. Because these suites use RSA keys of only 512 or fewer bits, the encryption can easily be broken.
A server vulnerable to BEAST (Browser Exploit Against SSL/TLS) has the following problem: by exploiting weaknesses in cipher block chaining, an attacker can use a Man-In-The-Middle attack to decrypt traffic and obtain authentication tokens.
The negotiation process of the SSL encryption uses far more resources on the server than on the client. If the client can initiate renegotiation, an attacker can render the server unavailable with a Denial of Service attack.
The Heartbleed vulnerability allows attackers to steal the private key of a server certificate. If the server is vulnerable to Heartbleed, an attacker can retrieve the private key and impersonate the server.
The server is vulnerable to CCS Injection. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key.
The renegotiation process of the SSL encryption is vulnerable. It allows two negotiations to be handled by different parties, which leaves your data vulnerable to Man-In-The-Middle attacks.
The TLS Signaling Cipher Suite Value (SCSV) is a protection against TLS/SSL downgrade attacks. If enabled, the server makes sure that the strongest protocol that both client and server understand is used.
A file inclusion vulnerability allows the attacker to include arbitrary files into the web application, which can result in the exposure of sensitive files. This article describes how you can efficiently prevent file inclusions.
A command injection vulnerability allows an attacker to execute arbitrary system commands, which can result in a complete takeover of the web server. Learn here how you can prevent command injections.
Copyright © Crashtest Security GmbH 2021. All rights reserved.