Weak RC4 cipher suite usage
I found an SSL/TLS vuln in vpn.cuvva.com which is now resolved.
About:
There are attacks against TLS that allow an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical flaws in the keystream generated by the RC4 algorithm, which become apparent in TLS ciphertexts when the same plaintext is repeatedly encrypted.
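The keystream flaw described above can be measured on a local RC4 implementation. This is an added example, not part of the original report: it encrypts one constructed plaintext under many random keys and reports how often a ciphertext byte equals the plaintext byte. The function names, the sample plaintext, the seed and the trial counts are assumptions chosen for illustration.

```python
import random
from collections import Counter

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def ciphertext_byte_counts(plaintext, pos, trials, seed=1):
    """Encrypt the same plaintext under `trials` fresh random 128-bit keys
    and count the ciphertext byte values observed at index `pos`."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    counts = Counter()
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        counts[plaintext[pos] ^ rc4_keystream(key, pos + 1)[pos]] += 1
    return counts

def leak_rate(plaintext, pos, trials, seed=1):
    """Fraction of ciphertexts whose byte at `pos` equals the plaintext byte,
    which happens exactly when the keystream byte there is 0."""
    return ciphertext_byte_counts(plaintext, pos, trials, seed)[plaintext[pos]] / trials

# Constructed sample plaintext, not taken from any real connection.
SAMPLE = b"sample-plaintext"

if __name__ == "__main__":
    trials = 50000
    print(f"uniform expectation : {1 / 256:.5f}")
    # Index 1 is the second keystream byte, which is 0 about twice as often
    # as a uniform byte would be (the known second-byte bias of RC4).
    print(f"second byte (idx 1) : {leak_rate(SAMPLE, 1, trials):.5f}")
    # Index 5 serves as a comparison position with no comparably large bias.
    print(f"sixth byte  (idx 5) : {leak_rate(SAMPLE, 5, trials):.5f}")
```

A sound stream cipher would give a rate close to 1/256 at every position; the roughly doubled rate at the second byte is why RC4 suites should be disabled on the server rather than merely deprioritised.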
-------------------------------- Below is the cipher suite being used -----------------
RC4 cipher suites (SSL3 on port 443):
SSL3_CK_RSA_RC4_128_SHA - High strength
What would be the impact?
An attacker can recover a limited amount of plaintext from a TLS connection when RC4 encryption is used.
H1 report: https://hackerone.com/reports/231068
status: resolved