How to prevent CCS injection

The server is vulnerable to CCS injections. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key.

Security Assessment

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

The server is vulnerable to CCS Injections. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key.

Guides

Follow this guide to prevent CCS injections:

OpenSSL

Update OpenSSL to the latest version. The following versions are known to prevent CCS injections:

  • OpenSSL 1.0.1h
  • OpenSSL 1.0.0m
  • OpenSSL 0.9.8za

For example, run:

apt-get update && apt-get upgrade # Debian / Ubuntu
yum update # RHEL / CentOS
pacman -Syu # Arch Linux
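
To confirm after updating that a version string is at or past the fixed release for its branch, the following added example (not part of the original guide) compares an upstream OpenSSL version against the three releases listed above. The function names `ccs_status` and `installed_openssl_version` and the sample versions are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): classify an upstream OpenSSL
# version string against the fixed releases the page lists.

# Print "fixed", "vulnerable" or "unknown" for a version such as 1.0.1g.
ccs_status() {
    ver=$1
    base=${ver%%[a-z]*}      # numeric part, e.g. 1.0.1
    suffix=${ver#"$base"}    # patch letter(s), e.g. g, za, or empty

    # Only plain upstream suffixes are comparable: none, a-z, or za-zz.
    # Vendor strings such as 1.0.1e-fips are reported as unknown.
    case $suffix in
        ''|[a-z]|z[a-z]) ;;
        *) echo unknown; return 0 ;;
    esac

    # First fixed release per branch, as listed on the page.
    case $base in
        1.0.1) first_fixed=h ;;
        1.0.0) first_fixed=m ;;
        0.9.8) first_fixed=za ;;
        *) echo unknown; return 0 ;;   # branch not covered by the page
    esac

    # Byte-wise string order matches release order: "" < a < ... < z < za.
    if LC_ALL=C expr "x$suffix" \< "x$first_fixed" >/dev/null; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Version field from `openssl version` output ("OpenSSL 1.0.1f 6 Jan 2014").
installed_openssl_version() {
    openssl version 2>/dev/null | awk '{print $2}'
}

# Constructed sample versions, followed by the local binary if present.
for v in 1.0.1g 1.0.1h 1.0.0l 0.9.8y 0.9.8za 1.0.1e-fips; do
    printf '%-12s %s\n' "$v" "$(ccs_status "$v")"
done
if command -v openssl >/dev/null 2>&1; then
    v=$(installed_openssl_version)
    printf '%-12s %s (installed)\n' "$v" "$(ccs_status "$v")"
fi
```

Distribution packages often backport the fix without changing the upstream version letter, so a `vulnerable` or `unknown` result for a distro-supplied build should be confirmed against the package changelog.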