CVE-2015-0204 PoC: OpenSSL Cryptographic Issue Vulnerability

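Source
Related vulnerability
Title: OpenSSL Cryptographic Issue Vulnerability (CVE-2015-0204)
Description: OpenSSL is an open-source, general-purpose cryptographic library developed by the OpenSSL team that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. The 'ssl3_get_key_exchange' function in OpenSSL's s3_clnt.c file contains a security vulnerability. A remote attacker can exploit it by supplying an ephemeral RSA key to carry out an RSA-to-EXPORT_RSA downgrade attack, which speeds up brute-force cracking. The following versions are affected: OpenSSL versions before 0.9.8zd, 1.0.0 versions before 1.0.0p, 1.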
Description
Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai.
Introduction
# FREAK Attack CVE 20150204 Testing Script

Basic BASH script to automate OpenSSL-based testing for the FREAK attack (CVE-2015-0204) as advised by Akamai. It is Free Software and does not need anyone else's server to run. Under normal conditions your server must score A+ on the SSL Labs test and should be on the HSTS preload list for better security.

Except for renowned web service providers, do not test your own website on some mother f$$$$$$r's server on SSL Lab. First test that server; it is not unusual to find security flaws on their website.

The script is written following the method described by Akamai. I wrote it for our servers. You should not complain about it, because it is 100% free software. Normally on the SSL Labs test, you'll score A+ with good settings. Casually test with this script for any extra issues. Most webmasters, frankly, use very bad setups and cannot even qualify to score A on SSL Labs.

Usage:

````
wget https://raw.githubusercontent.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script/master/freak-test.sh
chmod +x freak-test.sh
sh freak-test.sh
````

Any link posted as an issue that points to a website running non-Free software will be deleted from here and red linked on DMOZ. Non-Free software is as defined by Richard M. Stallman.
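
An added example, not part of the original README or the repository's freak-test.sh: one way to classify the result of an export-cipher probe, assuming the test is the usual `openssl s_client -cipher EXPORT` handshake. The function names and sample transcripts are constructed, and the code also handles a local OpenSSL that no longer ships export suites, where the probe proves nothing about the server.

```shell
#!/bin/sh
# Added example, not the repository's freak-test.sh. Function names and the
# transcripts in demo() are constructed for illustration.

# Classify text captured from `openssl s_client ... -cipher EXPORT`.
# Prints EXPORT_ACCEPTED, EXPORT_REFUSED or INCONCLUSIVE.
classify_export_handshake() {
    # Local OpenSSL builds without export suites (1.1.0 and later) reject
    # the cipher string itself; nothing was sent, so nothing was learned.
    if printf '%s\n' "$1" | grep -qi 'no cipher match'; then
        echo INCONCLUSIVE; return 0
    fi
    # A negotiated EXP-* suite: the server accepted export-grade crypto.
    if printf '%s\n' "$1" | grep -qE 'Cipher[[:space:]]*(is|:)[[:space:]]*EXP-'; then
        echo EXPORT_ACCEPTED; return 0
    fi
    # The server refused an offer that contained only export suites.
    if printf '%s\n' "$1" | grep -qiE 'handshake failure|Cipher is \(NONE\)'; then
        echo EXPORT_REFUSED; return 0
    fi
    # Connection refused, timeout, DNS failure or unrecognised output.
    echo INCONCLUSIVE
}

# Probe host:port (port defaults to 443) and classify the server's answer.
freak_check() {
    probe_out=$(openssl s_client -connect "$1:${2:-443}" -cipher EXPORT \
        </dev/null 2>&1) || true
    classify_export_handshake "$probe_out"
}

# Offline demo on constructed transcripts (not captured from a real host).
demo() {
    classify_export_handshake 'New, TLSv1/SSLv3, Cipher is EXP-RC4-MD5'
    classify_export_handshake 'sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)'
    classify_export_handshake 'SSL_CTX_set_cipher_list:no cipher match'
    classify_export_handshake 'connect: Connection refused'
}

demo
```

Call `freak_check host [port]` against a server you operate. `EXPORT_ACCEPTED` covers every export suite, so check that the negotiated cipher name is an RSA export suite before attributing the result to CVE-2015-0204.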
File snapshot

````
[4.0K] /data/pocs/695d5e9420c6c74f446e32292fd7b23c7c0c4ab5
├── [3.0K] freak-test.sh
├── [ 34K] LICENSE
└── [1.2K] README.md

0 directories, 3 files
````