sweet32

Home / sweet32

OpenSSL Patches High-Severity OCSP Bug & Mitigates SWEET32 Attack

A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol (OCSP) was patched this week, closing a denial-of-service weakness in affected servers. OCSP is an alternative in many cases to Certificate Revocation Lists where a client can use the protocol to ping a server requesting the status of a digital certificate. The vulnerability, [...]

By | 2016-10-16T15:53:39+00:00 September 24th, 2016|Categories: Security|Tags: , , , , , , , |0 Comments

Sweet32 Attacks Against Triple-DES (3DES) and Blowfish

Legacy ciphers such as triple-DES (3DES) and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key. Security researchers were able to use a Sweet32 attack and take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access to [...]

By | 2016-10-16T15:54:09+00:00 August 25th, 2016|Categories: Attacks, Security|Tags: , , , , , , |0 Comments
Load More Posts