Search

GlobalSCAPE Knowledge Base

Is EFT Server vulnerable to the CRIME attack on the SSL protocol?

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server, all versions

DISCUSSION

The CRIME attack is a recent vulnerability in the SSL protocol identified by researchers Juliano Rizzo and Thai Duong. This attack leverages an optional compression feature of the SSL protocol. Specifically, it uses the compression ratio of messages compressed by SSL to expose sensitive data such as session cookies.

The attack requires that the optional compression functionality of the SSL protocol be enabled. This compression feature is disabled within EFT Server and as such it is not vulnerable to this attack.

Details
Last Modified: 3 Months Ago
Last Modified By: kmarsh
Type: INFO
Article not rated yet.
Article has been viewed 60K times.
Options
Also In This Category
Tags