Web servers that support deprecated SSL/TLS versions and weak cipher suites are inviting trouble from network attacks.
TLS 1.2 works just fine. But the emerging concern is the overall level of security it provides.
It's still flawed even after years of patching and revisions. TLS 1.3, on the other hand, has proven to be more secure and efficient.
Following are some common vulnerabilities in older versions of SSL/TLS:
In the POODLE attack, an active MITM attacker can force a browser to downgrade the session to SSLv3, which can then be exploited.
The vulnerability affects TLS implementations that don't properly check the structure of the padding used in TLS packets.
Factoring Attack on RSA-EXPORT Keys (FREAK) is an SSL/TLS vulnerability that can allow an attacker to decrypt secure communications between vulnerable clients and servers.
The SWEET32 attack exploits a collision attack against SSL/TLS cipher suites. It targets cipher suites that use 64-bit block ciphers in CBC mode, where block collisions let an attacker extract plaintext from the encrypted data.
This vulnerability allows an attacker to gain the RSA key necessary to decrypt TLS traffic under some specific conditions.
An attacker can exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack.
The BEAST attack exploits a weakness in SSL/TLS cipher-block chaining (CBC). It allows a man-in-the-middle attacker to recover certain session information.
CRIME is a security exploit against secret web cookies over connections using the HTTPS and SPDY protocols that also use data compression.
BREACH attacks HTTP responses compressed using common HTTP compression, otherwise known as content encoding, which is much more common than TLS-level compression.
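Each weakness above traces back to a server configuration choice: an old protocol floor, TLS compression, export or 64-bit-block ciphers, CBC mode, or static RSA key exchange. As an added example that is not from the original post, the following Python auditor flags those choices in an `ssl.SSLContext` and builds a hardened server context beside it. The cipher-name rules assume OpenSSL naming (e.g. `ECDHE-RSA-AES128-SHA`) and the `TLS_` prefix for TLS 1.3 suites.

```python
import ssl

# Added example: audit a Python ssl.SSLContext for the weaknesses listed above.
# Assumption: cipher names follow OpenSSL conventions; TLS 1.3 suites start "TLS_".
FORWARD_SECRET_PREFIXES = ("ECDHE-", "DHE-", "EDH-")
AEAD_TAGS = ("GCM", "CCM", "CHACHA20")


def audit_cipher(name):
    """Return the findings for one cipher-suite name (empty list = acceptable)."""
    findings = []
    if name.startswith("TLS_"):                        # TLS 1.3: AEAD, forward secret
        return findings
    if "EXP" in name:                                  # RSA-EXPORT suites -> FREAK
        findings.append("export-grade suite (FREAK)")
    if "DES" in name or "IDEA" in name:                # 64-bit block ciphers -> SWEET32
        findings.append("64-bit block cipher (SWEET32)")
    if not any(tag in name for tag in AEAD_TAGS):      # no AEAD => CBC mode in practice
        findings.append("non-AEAD suite (CBC mode: BEAST, padding-oracle class)")
    if not name.startswith(FORWARD_SECRET_PREFIXES):   # static RSA key exchange
        findings.append("static RSA key exchange (RSA decryption oracle, no forward secrecy)")
    return findings


def audit_settings(minimum_version, options):
    """Findings for the protocol floor and compression flag (ints, as ssl exposes them)."""
    findings = []
    if minimum_version < ssl.TLSVersion.TLSv1_2:      # SSLv3/TLS 1.0/1.1 accepted
        findings.append("accepts TLS < 1.2 (POODLE-style downgrade)")
    if not options & ssl.OP_NO_COMPRESSION:            # TLS-level compression -> CRIME
        findings.append("TLS-level compression allowed (CRIME)")
    return findings


def audit_context(ctx):
    """Audit an SSLContext; returns {} when nothing is flagged."""
    report = {}
    settings = audit_settings(ctx.minimum_version, ctx.options)
    if settings:
        report["settings"] = settings
    for cipher in ctx.get_ciphers():
        findings = audit_cipher(cipher["name"])
        if findings:
            report[cipher["name"]] = findings
    return report


def hardened_server_context():
    """Server context with the weak choices removed: TLS 1.2+, AEAD, forward secrecy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    ctx.options |= ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


if __name__ == "__main__":
    print(audit_context(hardened_server_context()))   # {} when the context is clean
```

Running `audit_context` on a context built with the interpreter defaults shows the legacy CBC and static-RSA suites that are still enabled unless `set_ciphers` and `minimum_version` are set explicitly.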
We recently covered more on each vulnerability and how you can avoid them in a blog post.