|
SG-1915 CLONE - Base - Pen test vulnerability: SSL Cipher Block Chaining Cipher Suites Supported |
|
Description |
|
|
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly. Impact It's no longer safe to decrypt data encrypted with the Cipher-Block-Chaining (CBC) mode of symmetric encryption when verifiable padding has been applied without first ensuring the integrity of the ciphertext, except for very specific circumstances. Recommendations Remove CBC cipher suites. Reference [https://www.|https://www.] [http://www. |http://www.] [https://www. |https://www.] |
|