Analyzing Heartbleed Vulnerability
Your connection is immune against heartbleed attack.
Description: 'Heartbleed' was a critical vulnerability in SSL which would enable an adversary to retrieve sensitive information from the corresponding server.
Validation Conditions: This test passes if the server is not vulnerable to this attack.

Analyzing CCS Vulnerability
Your connection is immune against CCS attack.
Description: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of 'ChangeCipherSpec' messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Analyzing Ticketbleed Vulnerability
Your connection is immune against ticketbleed attack.
Description: 'The Ticketbleed-Bug' was a programming error in enterprise-level hardware. This bug allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. This memory can potentially contain key material or sensitive data from other connections.
Validation Conditions: This test passes if the server is not vulnerable to 'ticketbleed-bug'.

Analyzing ROBOT vulnerability
Your connection is immune to ROBOT attack.
Description: ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive chosen-ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.
Validation Conditions: This test passes if the server is not vulnerable to the ROBOT attack.

Analyzing Secure Renegotiation
Your connection is immune against secure_renego attack.
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Validation Conditions: This test passes if the server is not vulnerable to this bug.
Details: no session ticket extension

Analyzing Client-initiated Secure Connection
Your server is properly configured to support Secure Client Renegotiation.
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, while implemented on many different products, cannot perform a renegotiation handshake correctly. This allows attackers to use a man-in-the-middle attack to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Validation Conditions: This test passes if the server does not have this vulnerability.

Analyzing protection against CRIME Attack
Your connection is immune against CRIME_TLS attack.
Description: CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies over connections using the HTTPS and SPDY protocols that also use data compression. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks.
Validation Conditions: This test passes if the server is not vulnerable to CRIME attack.

Analyzing protection against poodle attacks
Your connection is vulnerable to poodle_ssl attack.
Description: The POODLE attack (which stands for 'Padding Oracle On Downgraded Legacy Encryption') is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages.
Validation Conditions: This test passes if the server is not vulnerable to poodle attacks.
Details: VULNERABLE, uses SSLv3+CBC

Analyzing Protection Against Freak Attack
Your connection is immune against FREAK attack.
Description: FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols. A man-in-the-middle, with only a modest amount of computation, could break the security of any website that allowed the use of 512-bit export-grade keys.
Validation Conditions: This test passes if the server is not vulnerable to this attack.

Analyzing protection against DROWN Attacks
Your connection is immune against DROWN attack.
Description: The DROWN attack is a cross-protocol security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure SSLv2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. DROWN can affect all types of servers that offer services encrypted with TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols.
Validation Conditions: This test passes if the server is not vulnerable to DROWN attacks.

Analyzing existence of common primes in public/private encryption key pairs
Your connection is vulnerable to LOGJAM-Common_Primes attack.
Description: Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve, the most efficient algorithm for breaking a Diffie-Hellman connection, depends only on this prime. After this first step, an attacker can quickly break individual connections.
Validation Conditions: This test passes if the server is not using common prime numbers that would make it vulnerable.

Analyzing protection against LOGJAM Attack
Your connection is immune against LOGJAM attack.
Description: The LOGJAM attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange.
Validation Conditions: This test passes if the server is not vulnerable to LOGJAM attacks.

Analyzing CVE-2011-3389 vulnerability
Your connection is vulnerable to BEAST_CBC_TLS1 attack.
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. This category of attack is closely related to the next one, namely, BEAST attacks.
Validation Conditions: This test is passed if the server is not using encryption in CBC mode.
Details: ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA DES-CBC3-SHA

Analyzing BEAST vulnerability
Your connection is vulnerable to BEAST attack.
Description: Short for Browser Exploit Against SSL/TLS, SSL Beast is an exploit, first revealed in late September 2011, that leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL) protocol. The CBC vulnerability can enable man-in-the-middle (MITM) attacks against SSL in order to silently decrypt and obtain authentication tokens, providing hackers with access to the data passed between a Web server and the Web browser accessing the server.
Validation Conditions: This test passes if the server is not vulnerable to BEAST attacks.
Details: VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)

Analyzing Lucky13 vulnerability
Your connection is vulnerable to LUCKY13 attack.
Description: The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation.
Validation Conditions: This test passes if the server is not vulnerable to this bug.
Details: potentially vulnerable, uses TLS CBC ciphers

Analyzing RC4 vulnerability
An error occurred during this test. Please report this problem.
Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Validation Conditions: This test passes if the server does not utilize RC4 in its cipher suites.
Details: VULNERABLE, Detected ciphers: RC4-SHA RC4-MD5