1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Faulty TLS implementation opens VISA sites, users to attack

Discussion in 'Help Net Security' started by RSS, May 27, 2016.

  1. RSS

    RSS New Member Member

    A group of researchers has discovered 184 HTTPS servers that are wide open to attackers looking to inject seemingly valid content into encrypted sessions. Some of these servers belong to the credit card company VISA, the Polish banking association ZBP, and the German stock exchange. They are vulnerable to these attacks because they used a duplicate cryptographic nonce with the AES-GCM cipher during the TLS handshake between the browser and the HTTPS-protected sites. This means … More →

    Continue reading...

Share This Page