Fluid Attacks Database

Description

Detects if a web server accepts connections using CBC (Cipher Block Chaining) cipher suites in TLS 1.2 and earlier versions. CBC mode ciphers in older TLS versions are vulnerable to attacks like BEAST that can compromise encrypted communications. This poses a risk of data exposure or manipulation during transmission.

Weakness:

094 - Insecure encryption algorithm - Cipher Block Chaining

Category: Information Collection

Detection Strategy

• Attempts to establish TLS connections to the server using CBC cipher suites

• Reports a vulnerability if the server accepts connections using CBC ciphers on TLS 1.2 or earlier versions

• Checks each supported TLS version separately (except TLS 1.3 which is excluded)

• Tests if the server accepts any of the offered CBC cipher suites during the TLS handshake

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.