Weak SSL Cipher


Description

The application uses a weak TLS cipher. TLS protocols provide for a wider variety of cipher suites, some of which have been identified as being cryptographically weak and susceptible to cryptanalysis. The TLS protocol is only as strong as the ciphers that are offered and attackers can take advantage of weaknesses to decrypt data in order to view sensitive data.

Impact

Cryptographically weak ciphers can be exploited by attackers to perform decryption, Man-in-the-Middle (MitM), and session downgrade attacks. If successful, these attacks could allow an attacker to view encrypted data in clear-text.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 

Subscribe here in order to gain access to the AppSec Findings Database

 

Leave a Reply