Prevent CCS Injection

The server is vulnerable to CCS Injections. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key.

Security Assessment

Security_Assessment_PreventCSSInjection

CVSS Vector: AV:N/AC:M/AU:N/C:P/I:P/A:P

Vulnerability Information

The server is vulnerable to CCS Injections. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key. 

Guides

Follow the guide to prevent CCS injections:

OpenSSL

Update OpenSSL to the latest version. The following versions are known to prevent CCS injections:

  • OpenSSL 1.0.1h
  • OpenSSL 1.0.0m
  • OpenSSL 0.9.8za

E.g. run:

apt-get update; apt-get upgrade # Debian / Ubuntu
yum update # RHeL / CentOS
pacman -Syu # Arch Linux

For more information about Crashtest Security visit crashtest-security.com