OpenSSL ‘ChangeCipherSpec’ (CCS) MiTM Vulnerability

The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its acceptance of a specially crafted handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.

Two factors are important when assessing the risk of this vulnerability:
1. An attacker must have a MiTM position (e.g. physical network access between the client and server).
2. The client and server must both use vulnerable versions of OpenSSL. Most major desktop web browsers (Chrome, Firefox, and IE) do not use OpenSSL.

The original advisory for this vulnerability can be found at the following URL: https://www.openssl.org/news/secadv_20140605.txt
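The defining symptom of this attack is the handshake ordering described above: a ChangeCipherSpec record that arrives before the key exchange. The following detection logic, added here as an example and not taken from the original advisory or page, walks the client-to-server side of a TLS 1.0-1.2 record stream and flags a ChangeCipherSpec that precedes the ClientKeyExchange. The record and handshake framing used is standard TLS; the two sample streams are constructed, not captured traffic. The check is written for full handshakes only; an abbreviated (resumed) handshake legitimately sends ChangeCipherSpec straight after the hellos, so a production monitor would also need to track the session ID to tell resumption apart from injection.

```python
"""Flag TLS sessions where ChangeCipherSpec arrives before the key exchange.

Added example (not the page's or OpenSSL's code). Record framing is standard
TLS 1.0-1.2: 1-byte content type, 2-byte version, 2-byte length, payload.
Handshake messages inside a handshake record: 1-byte type, 3-byte length, body.
"""
import struct

CONTENT_CHANGE_CIPHER_SPEC = 20
CONTENT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_CLIENT_KEY_EXCHANGE = 16
HS_FINISHED = 20


def parse_records(data):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    off = 0
    while off + 5 <= len(data):
        ctype, _version, length = struct.unpack('!BHH', data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            raise ValueError('truncated TLS record at offset %d' % off)
        yield ctype, body
        off += 5 + length


def handshake_types(payload):
    """Yield the handshake message types packed inside one handshake record."""
    off = 0
    while off + 4 <= len(payload):
        hs_type = payload[off]
        hs_len = int.from_bytes(payload[off + 1:off + 4], 'big')
        yield hs_type
        off += 4 + hs_len


def find_early_ccs(client_to_server):
    """Return the record index of a ChangeCipherSpec sent by the client before
    its ClientKeyExchange, or None when the ordering is legitimate.

    Assumes a full handshake: in a resumed session the client legitimately
    sends CCS without a ClientKeyExchange, which this check does not model.
    """
    key_exchanged = False
    for idx, (ctype, body) in enumerate(parse_records(client_to_server)):
        if ctype == CONTENT_HANDSHAKE:
            if HS_CLIENT_KEY_EXCHANGE in handshake_types(body):
                key_exchanged = True
        elif ctype == CONTENT_CHANGE_CIPHER_SPEC:
            # Everything after a CCS is encrypted, so this is the last record
            # whose contents a passive monitor can inspect.
            return None if key_exchanged else idx
    return None


# --- constructed sample traffic (not captured), used for the demo below ---

def record(ctype, payload, version=0x0301):
    return struct.pack('!BHH', ctype, version, len(payload)) + payload


def handshake(hs_type, body=b''):
    return bytes([hs_type]) + len(body).to_bytes(3, 'big') + body


CCS = record(CONTENT_CHANGE_CIPHER_SPEC, b'\x01')

# Normal full handshake, client side: ClientHello, ClientKeyExchange, CCS, Finished.
NORMAL_CLIENT_STREAM = (
    record(CONTENT_HANDSHAKE, handshake(HS_CLIENT_HELLO, b'\x03\x01' + b'\x00' * 32))
    + record(CONTENT_HANDSHAKE, handshake(HS_CLIENT_KEY_EXCHANGE, b'\x00\x02\xaa\xbb'))
    + CCS
    + record(CONTENT_HANDSHAKE, handshake(HS_FINISHED, b'\x00' * 12))
)

# Same client, but a CCS record shows up right after ClientHello, before any
# key material has been exchanged: the ordering the advisory warns about.
EARLY_CCS_CLIENT_STREAM = (
    record(CONTENT_HANDSHAKE, handshake(HS_CLIENT_HELLO, b'\x03\x01' + b'\x00' * 32))
    + CCS
    + record(CONTENT_HANDSHAKE, handshake(HS_CLIENT_KEY_EXCHANGE, b'\x00\x02\xaa\xbb'))
)

if __name__ == '__main__':
    for name, stream in (('normal', NORMAL_CLIENT_STREAM),
                         ('early-ccs', EARLY_CCS_CLIENT_STREAM)):
        hit = find_early_ccs(stream)
        print(name, 'OK' if hit is None else 'ALERT: CCS at record %d' % hit)
```

Run stand-alone, the script reports the constructed normal stream as clean and flags the early ChangeCipherSpec at record index 1 in the second stream.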

Remediation

OpenSSL should be upgraded to the latest stable version. Instances of this issue are often the result of other software that bundles its own outdated copy of OpenSSL. Such products should be upgraded individually, and the OpenSSL version each one ships should be verified as up to date.

The latest version of OpenSSL can be found at the following URL: https://www.openssl.org/source/
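Because the bundled copies are what usually keep this finding open, the remediation step that takes the most effort is locating them. The inventory script below is an added example, not code from the page: it walks a directory tree and reports every file that embeds an OpenSSL version banner (the `OpenSSL x.y.z` string that `openssl version` prints is compiled into libcrypto and libssl), then lists those below a minimum version you supply. The minimum used in the demo is a placeholder; in practice take the current release from the openssl.org source page linked above. The sample directory, file names and banners are constructed for the demo.

```python
"""Inventory OpenSSL version banners embedded in files under a directory tree.

Added example (not the page's or OpenSSL's code). Finds software that ships
its own copy of OpenSSL so each product can be upgraded individually.
"""
import os
import re
import tempfile

# Banner format embedded in libcrypto/libssl, e.g. "OpenSSL 1.0.1g 7 Apr 2014".
BANNER_RE = re.compile(rb'OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)')
VERSION_RE = re.compile(r'(\d+)\.(\d+)\.(\d+)([a-z]*)')


def parse_version(text):
    """'1.0.1g' -> (1, 0, 1, 'g'); tuples compare correctly, letter patches last."""
    m = VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError('not an OpenSSL version string: %r' % text)
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def scan_file(path):
    """Return the set of OpenSSL versions whose banner appears in the file."""
    found = set()
    with open(path, 'rb') as f:
        data = f.read()  # whole-file read; chunk this for very large binaries
    for m in BANNER_RE.finditer(data):
        found.add((int(m[1]), int(m[2]), int(m[3]), m[4].decode('ascii')))
    return found


def scan_tree(root):
    """Map each file under root that embeds a banner to the versions found."""
    results = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                versions = scan_file(path)
            except OSError:
                continue  # unreadable or special file; skip it
            if versions:
                results[path] = versions
    return results


def outdated(results, minimum):
    """Sorted paths whose embedded OpenSSL version is below `minimum`."""
    floor = parse_version(minimum)
    return sorted(path for path, versions in results.items()
                  if any(v < floor for v in versions))


def build_sample_tree():
    """Create a constructed directory with fake binaries for the demo."""
    root = tempfile.mkdtemp(prefix='openssl-inventory-')
    os.makedirs(os.path.join(root, 'vendor-app', 'lib'))
    with open(os.path.join(root, 'vendor-app', 'lib', 'libcrypto.so'), 'wb') as f:
        f.write(b'\x7fELF' + b'\x00' * 16 + b'OpenSSL 1.0.1a 01 Jan 2014\x00')
    with open(os.path.join(root, 'other-tool'), 'wb') as f:
        f.write(b'\x7fELF' + b'\x00' * 16 + b'OpenSSL 1.0.2 01 Jan 2015\x00')
    with open(os.path.join(root, 'README'), 'wb') as f:
        f.write(b'no banner in this file')
    return root


# Placeholder: substitute the current release listed at openssl.org/source.
MINIMUM_VERSION = '1.0.2'

if __name__ == '__main__':
    root = build_sample_tree()
    results = scan_tree(root)
    for path, versions in sorted(results.items()):
        print(path, sorted(versions))
    for path in outdated(results, MINIMUM_VERSION):
        print('OUTDATED:', path)
```

Point `scan_tree` at `/` or at the install prefix of each third-party product and compare the report against the current release; any path that appears but is not the system OpenSSL package is a vendor bundle that needs its own update.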
