SSL key algorithm detection tool-sslciphercheck-SSL/TLS Suffers 'Bar Mitzvah Attack' vulnerability
sslciphercheck
Download: https://github.com/woanware/woanware.github.io/blob/master/downloads/sslciphercheck.v.1.4.2.zip
Run: open CMD and cd to the directory of the downloaded package
Run the command:
sslciphercheck.exe -h ip (target address) -p 443
It detects the unsafe cipher suites that the target supports.
Vulnerability: SSL/TLS Suffers 'Bar Mitzvah Attack' Vulnerability
Vulnerability description
The vulnerability allows an attacker to recover plaintext from encrypted traffic by exploiting the invariance weakness of RC4 weak keys, which may expose account passwords, credit card data, or other sensitive information.
Vulnerability detection
If the server supports an RC4 cipher suite, the vulnerability exists; if it does not support RC4, the vulnerability does not exist.
openssl s_client -connect vpnsh-xtp.zts.com.cn:443 -cipher RC4
If the connection handshake succeeds and the certificate information is displayed, the site is at risk of this vulnerability.
If you see the message "alert handshake failure", the site does not have this vulnerability.
Repair suggestion
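The check above can be scripted so that the verdict comes from the negotiated cipher suite rather than from handshake success alone. This is an added example, not part of the original article or of sslciphercheck; the function names, the verdict strings and the sample output excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): interpret the RC4 probe result.

# Reads `openssl s_client ... -cipher RC4` output on stdin and prints one of:
#   vulnerable | not-vulnerable | inconclusive
classify_rc4_probe() {
    out=$(cat)
    case "$out" in
        # The local OpenSSL has no RC4 suites, so nothing was offered to the server.
        *"no cipher match"*) echo "inconclusive"; return 0 ;;
    esac
    # Judge by the negotiated suite name, not merely by handshake success:
    # a TLS 1.3 session can complete without RC4 ever being used.
    if printf '%s\n' "$out" | grep -Eq 'Cipher( is| *:) *[A-Z0-9-]*RC4'; then
        echo "vulnerable"
    elif printf '%s\n' "$out" | grep -q 'alert handshake failure'; then
        echo "not-vulnerable"
    else
        echo "inconclusive"
    fi
}

# Hypothetical wrapper: probe_rc4 HOST PORT
probe_rc4() {
    # OpenSSL builds since 1.1.0 normally leave RC4 out; then the probe proves nothing.
    if ! openssl ciphers RC4 >/dev/null 2>&1; then
        echo "inconclusive"
        return 0
    fi
    openssl s_client -connect "$1:$2" -cipher RC4 </dev/null 2>&1 | classify_rc4_probe
}

# Constructed s_client excerpts (not captured from a real server).
SAMPLE_ACCEPTED='New, TLSv1/SSLv3, Cipher is RC4-SHA
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : RC4-SHA'
SAMPLE_REFUSED='error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)'
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_NO_RC4='Error with command: "-cipher RC4"
error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match'

for s in "$SAMPLE_ACCEPTED" "$SAMPLE_REFUSED" "$SAMPLE_TLS13" "$SAMPLE_NO_RC4"; do
    printf '%s\n' "$s" | classify_rc4_probe
done
```

An "inconclusive" result means the probe has to be repeated from a client whose OpenSSL build still includes RC4 suites, since a client that cannot offer RC4 cannot show that the server refuses it.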
Disable the RC4 encryption algorithm.