sweet32

Home / sweet32

OpenSSL Patches High-Severity OCSP Bug & Mitigates SWEET32 Attack

A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol (OCSP) was patched this week, closing a denial-of-service weakness in affected servers. OCSP is an alternative in many cases to Certificate Revocation Lists where a client can use the protocol to ping a server requesting the status of a digital certificate. The vulnerability, [...]

By | September 24th, 2016|Security|

Sweet32 Attacks Against Triple-DES (3DES) and Blowfish

Legacy ciphers such as triple-DES (3DES) and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key. Security researchers were able to use a Sweet32 attack and take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access to [...]

By | August 25th, 2016|Attacks, Security|
Load More Posts