Menu

Search

GlobalSCAPE Knowledge Base


Is EFT Server vulnerable to the CRIME attack on the SSL protocol?


GlobalSCAPE 5
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server, all versions

DISCUSSION

The CRIME attack is a recent vulnerability in the SSL protocol identified by researchers Juliano Rizzo and Thai Duong. This attack leverages an optional compression feature of the SSL protocol. Specifically, it uses the compression ratio of messages compressed by SSL to expose sensitive data such as session cookies.

The attack requires that the optional compression functionality of the SSL protocol be enabled. This compression feature is disabled within EFT Server and as such it is not vulnerable to this attack.


Also In This Category


On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: 7 Years Ago
Last Modified By: GlobalSCAPE 5
Type: INFO
Article not rated yet.
Article has been viewed 16K times.
Options
Find Similar