Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southern Finland
#11
Originally Posted by nieldk
Not exactly so, this attack, while not 'easy' still, does enable attacking (downgrading) SSL connections.
It has been possible for some years, by MiTM attacks; the situation now, however, is that it is no longer needed to be on the same network (MiTM). You do, however, need to know the IP address of both targets (victim and server).
Yes, in theory. And it is a very thin theory indeed.
I have yet to see that attack succeed in real-life situations. It basically can only work against https connections and requires that the server side has fairly outdated configuration.
For ssh, good luck trying!
 

Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#12
Originally Posted by juiceme
Yes, in theory. And it is a very thin theory indeed.
I have yet to see that attack succeed in real-life situations. It basically can only work against https connections and requires that the server side has fairly outdated configuration.
For ssh, good luck trying!
Very true indeed. Unfortunately, outdated configurations are quite common, I see them every day doing pentests.
Honestly, I think we will see this being exploited. If not tomorrow, then in a couple of months.
 
