TLS/SSL Vulnerabilities
Author: HollyGraceful Published: 21 October 2022 Last Updated: 03 November 2022
Look, there's a whole bunch of vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) and it can be difficult to keep up with them all, even if they have fancy names and logos! So here's a quick summary of each for you:
- Browser Exploit Against SSL/TLS (BEAST)
- Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH)
- CBC-mode Ciphers
- Compression Ration Info-leak Made Easy (CRIME)
- Decrypting RSA with Obsolete and Weakened Encryption (DROWN)
- Factoring RSA Export Keys (FREAK)
- Lucky 13
- Padding Oracle On Downgraded Legacy Encryption (POODLE)
- RC4 NOMORE
- Return of Bleichenbacher’s Oracle Threat (ROBOT)
- Sweet32