Active Topics

 


Page 2 of 2 1 2
Reply
Thread Tools
juiceme is offline juiceme
2016-08-17 , 07:56
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#11
Originally Posted by nieldk View Post
Not exactly so, this attack, while not 'easy' still, does enables attacking (downgrading) SSL connections.
It has been possible for some years, by MiTM attacks, the situation now however is it is no longer needed to be on the same network (MiTM), you do however, need to know IP adress of both targets. (Victim and server).
Yes, in theory. And it is a very thin theory indeed.
I have yet to see that attack succeed in real-life situations. It basically can only work against https connections and requires that the server side has fairly outdated configuration.
For ssh, good luck trying!
 

The Following User Says Thank You to juiceme For This Useful Post:
nieldk is offline nieldk
2016-08-17 , 08:04
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#12
Originally Posted by juiceme View Post
Yes, in theory. And it is a very thin theory indeed.
I have yet to see that attack succeed in real-life situations. It basically can only work against https connections and requires that the server side has fairly outdated configuration.
For ssh, good luck trying!
very true indeed. Unfortunately, outdated configurations are quite common, I see them every day doing pentest.
Honestly, I think we will see this being exploited. If not tomorrow, then in a couple of months.
__________________
You can still support my work by donation - click here
 

The Following 2 Users Say Thank You to nieldk For This Useful Post:
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 16:17.

Contact Us - Home - Archive - Top