Difference between revisions of "Vuln web sslv2"
From Atomicorp Wiki
Latest revision as of 11:23, 12 December 2013
This vulnerability alert means your system's web server has been configured to support the obsolete and vulnerable SSL v2 protocol. SSLv2 is a very old version of the Secure Sockets Layer protocol. It suffers from several design flaws that allow an attacker to read and modify information passed between your clients and your server, essentially rendering SSL meaningless. SSLv2 has been deprecated and is no longer recommended for use on any server.
Here is a list of some of the specific security issues with v2 of the SSL protocol:
- Vulnerable to man-in-the-middle attacks
- MAC relying solely on MD5 hash function
- Weak cryptography
- Does not meet the U.S. FIPS 140-2 standard
- Does not meet PCI-DSS standard
We recommend configuring your server to use only TLS. SSLv3 also has several security vulnerabilities, and all modern browsers support TLS.
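One way to check a configuration against this recommendation, as an added example that is not part of the original wiki page or of any Atomicorp tool. It assumes the web server is Apache with mod_ssl (the page does not name a server) and that "all" has its Apache 2.2-era meaning, which includes SSLv2 and SSLv3; the sample configuration is constructed for illustration.

```python
import re

# Assumption: Apache 2.2-era meaning of "all", which includes SSLv2 and SSLv3.
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | {"TLSv1.3"}}
OBSOLETE = {"SSLv2", "SSLv3"}
# Commented-out directives do not match because the line must start with the keyword.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right and return the enabled set.
    Unprefixed tokens are treated as additive, a conservative simplification."""
    enabled = set()
    for token in args.split():
        remove = token.startswith("-")
        name = token.lstrip("+-").lower()
        if name == "all":
            group = ALL
        elif name in KNOWN:
            group = {KNOWN[name]}
        else:
            raise ValueError("unknown protocol token: " + token)
        enabled = enabled - group if remove else enabled | group
    return enabled

def audit(config_text):
    """Return (line number, obsolete protocols) for each risky directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:
            bad = sorted(effective_protocols(match.group(1)) & OBSOLETE)
            if bad:
                findings.append((lineno, bad))
    return findings

# Constructed sample: one weak vhost, one TLS-only vhost, one SSLv3 leftover.
SAMPLE = """<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    # SSLProtocol all
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:9443>
    SSLProtocol -all +SSLv3 +TLSv1
</VirtualHost>
"""

if __name__ == "__main__":
    for lineno, bad in audit(SAMPLE):
        print("line %d: enables %s" % (lineno, ", ".join(bad)))
```

The second virtual host in the sample shows the corrected form: `SSLProtocol all -SSLv2 -SSLv3` leaves only TLS versions enabled.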