SSL key algorithm detection tool-sslciphercheck-SSL/TLS Suffers 'Bar Mitzvah Attack' vulnerability

Language 2023-08-11 18:07:57 views: null

SSL key algorithm detection tool-sslciphercheck-SSL/TLS Suffers 'Bar Mitzvah Attack' vulnerability

Article directory

sslciphercheck
- Vulnerability: SSL/TLS Suffers 'Bar Mitzvah Attack' Vulnerability

sslciphercheck

Download: https://github.com/woanware/woanware.github.io/blob/master/downloads/sslciphercheck.v.1.4.2.zip

Run: CMD-cd to the download package directory

run command

sslciphercheck.exe -h ip（目标地址） -p 443

Supported unsafe modules detected

Vulnerability: SSL/TLS Suffers 'Bar Mitzvah Attack' Vulnerability

Vulnerability description

The vulnerability allows attackers to restore the plain text in encrypted information through the invariant weak key of RC4, which may expose account passwords, credit card data, or other sensitive information.

vulnerability detection

If the RC4 cipher suite is supported, this vulnerability exists, and if it does not support it, it does not exist.
insert image description here
openssl s_client -connect vpnsh-xtp.zts.com.cn:443 -cipher RC4
If you see the connection handshake is successful and you can see the certificate information, it means that there is a risk vulnerability.
If you see the sentence "alert handshake failure", it means the The site does not have this vulnerability
insert image description here

repair suggestion

Disable the RC4 encryption algorithm.

Guess you like

Origin blog.csdn.net/weixin_44406011/article/details/131597290

SSL key algorithm detection tool-sslciphercheck-SSL/TLS Suffers 'Bar Mitzvah Attack' vulnerability

SSL / TLS by commandment ceremony (BAR-MITZVAH) vulnerabilities (CVE-2015-2808)

Wikipedia suffers DDOS attack

SSL/TLS server transient Diffie-Hellman public key is too weak (nginx vulnerability fix)

SSL / TLS protocol detailed (on): cipher suites, hashing, encryption, key exchange algorithm

The relationship between HTTPS, SSL, TLS, and the detection interface

Tool Recommendation | Freshly released, one-click fully automatic asset vulnerability detection and scanning tool (Attack Surface Management (ASM) tool)

Generate SSL KEY

Redis unauthorized vulnerability detection tool

Fragile SSL encryption algorithm

Snap Store suffers malicious app attack, temporarily adds manual review

SSL key negotiation process analysis

TLS / SSl-related vulnerabilities and detection methods hodgepodge!

Server certificate, TLS version detection, SSL Server Test

[OpenAI]ChatGPT uses key to connect and TLS/SSL connection has been closed (EOF) (_ssl.c:1131)

CTF XXE vulnerability attack

File Upload Vulnerability Attack

SQL injection vulnerability attack

Relaxing SSL algorithm constrains programmatically

TLS SSL

Get the common key point detection algorithm in opencv in one article (with code)

OpenCV implements SIFT→SURF algorithm key point detection implementation

Безопасность транспортного уровня (SSL)

ssl security testing tools testssl.sh and LogJam attack

A little summary about SSL key pairs

SSL/TLS Protocol Information Disclosure Vulnerability (CVE-2016-2183) [Principle Scan]

SSL/TLS RC4 Information Disclosure Vulnerability (CVE-2013-2566) [Principle Scanning] Repair Solution

SIEM: Cyber Attack Detection

Graphical analysis of WannaCry2.0 virus software about "the world suffers from cyber ransomware attack"

Game Security Information Selected Issue 4 of 2017: World of Warcraft suffers DDoS attack

Recommended

Apache Doris version 2.0.10 is officially released!

Open Source Daily | Big models go to war; big model unicorns are revealed to be selling themselves; Zhou Hongyi suggests that Google open source all its products; the largest open source AI community provides $10 million to share GPUs

Ranking

JS inheritance and monitoring

[ProblemSolving][Ubuntu][LyX] The selected document class ... requires external files that are not available...

Java threads sharing static variable

balancap/SSD-Tensorflow使用及训练预测自己的数据集

Detailed core ES6

JS --- reverse traversal achieved Array array, the array is connected string

How to Uninstall (or Reinstall) Windows 10’s Ubuntu Bash Shell

Linux modify the hostname method

Charging Specification BC v1.2

node的性能和java对比分析

Daily

More

2024-05-17(6)

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)