Bar Mitzvah: attacking RC4 to compromise SSL/TLS
A new attack against a weak RC4 functions allows attacker to decipher data into a ciphered SSL/TLS connection. Unlike the previous attacks involving SSL, this does not need an active connection and can be done with just sniffing the SSL connection.
References:
- 27/03/2015 imperva.com Attacking SSL when using RC4
- 26/03/2015 darkreading.com SSL/TLS Suffers 'Bar Mitzvah Attack'
- 29/03/2015 elladodelmal.com Bar Mitzvah: Nuevo ataque a SSL/TLS te roba las sesiones
Tags: