As you might have heard, we recently got our paper on padding oracle attacks accepted to the USENIX Security Conference. In this paper, we describe and evaluate a scanning methodology with which we found several padding oracle vulnerabilities in devices from various vendors. In total, we found that 1.83% of the Alexa Top 1 Million have padding oracle vulnerabilities.
To test whether a server is vulnerable, we specified different padding oracle vectors which we send to the system under test, using different cipher suites and protocol versions. If the server does not behave identically (on both the TLS and TCP layers), we consider it to be vulnerable to a padding oracle attack, since it is leaking information about the plaintext via behavior differences. Depending on the responses to such padding oracle vectors, one can estimate which implementation is responsible for the vulnerability. We contacted quite a few website owners and tried to cooperate with them, to find out which vendors and TLS stacks are responsible for the identified vulnerabilities. You can find our current disclosure status on this issue on https://github.com/RUB-NDS/TLS-Padding-Oracles.
We are currently in contact with other vendors to fix the remaining vulnerabilities, but the some of the rare (in terms of the number of affected hosts) vulnerabilities are currently not attributed. To fix the remaining vulnerabilities, we ask for your assistance to help get rid of this issue. For this purpose, we integrated a standalone version of our padding oracle evaluation tool into our TLS-Scanner (v.2.7) project. This tool allows you (among other things) to evaluate if a specific server is vulnerable.
When the tool detects a vulnerability, it tries to attribute the vulnerability to a specific vendor or CVE. If we already know of the vulnerability of the server you scanned, the tool will print its details. If the tool does not have a description of the vulnerability in its database, it will ask you to notify us about the vulnerable server, such that we can notify the vendor and get the device fixed. To be clear: the tool never sends any data to us - you have the choice of whether to notify us (and what details to include). There is a chance that the tool's attribution is also mistaken, that is, the tool lists a vendor for your host, but you know for sure that you do not use an implementation by this vendor. Please contact us in such cases as well.
You will need to get TLS-Attacker 2.9 (if you do not already have it):
Now we can clone and install the TLS-Scanner
If you start the TLS-Scanner you should be greeted by a usage info, similar to the one below:
or
This should give you an overview of the supported command line flags. The only really required one is the -connect flag (similar to OpenSSL and TLS-Attacker), with which you specify which host to scan. The most basic command is therefore:
Your output may look something like this:
By default, TLS-Scanner will run single-threaded. In such cases the scanning will take a while; just how long it will take depends on your server configuration. The scanner also supports multi-threading, which drastically improves the performance. There are two parameters to play around with, -threads, which controls how many different "probes" are executed in parallel, and -aggressive , which controls how many handshakes can be executed simultaneously. If you want the fastest results the following parameters are usually a good choice:
But lets get back to the results of the Scanner. Currently the Scanner supports a bunch of well known tests, like supported ciphersuites or protocol versions. These are very similar to what you may be used to from other scanners like ssllabs or testssl.sh.
This section lists the responses of the scanned host for each padding oracle vector, for each cipher suite and protocol version. For hackmanit.de, there is no detected difference in responses, which means hackmanit.de is not vulnerable to the attack:
If we want, we can also look at the concrete responses of the server. For this purpose, we start the scanner with the -reportDetail flag:
With this flag we now get the following details:
So what does this all mean? First of all, we named our malformed records. The interpretation of those names is visualized in the following table:
Next to the name you can see what the actual response from the server was. Alert messages which are in [] brackets indicate that the alert was a fatal alert while () brackets indicate a warning alert. ENC means that the messages were encrypted (which is not always the case). The last symbol in each line indicates the state of the socket. An X represents a closed socket with a TCP FIN, a T indicates that the socket was still open at the time of measurement and an @ indicates that the socket was closed with an RST. So how did Hackmanit respond? We see a [BAD_RECORD_MAC] ENC X, which means we received an ENCrypted FATAL BAD_RECORD_MAC alert, and the TCP connection was closed with a TCP FIN. If a server appears to be vulnerable, the scanner will execute the scan a total of three times to confirm the vulnerability. Since this response is identical to all our vectors, we know that the server was not vulnerable and the scanner is not re-executing the workflows.
Here is an example of a vulnerable host:
As you can see, this time the workflows got executed multiple times, and the scanner reports the cipher suite and version as vulnerable because of "SOCKET_STATE". This means that in some cases the socket state revealed information about the plaintext. If you look closely, you can see that for ValPadInvMac-[0]-0-59, ValPadInvMac-[8]-0-59 and ValPadInvMac-[15]-0-59 the server failed to close the TCP socket, while for all other vectors the TCP connect was closed with a TCP FIN. The server was therefore vulnerable.
Since the server was vulnerable, TLS-Scanner will also print an additional section: "PaddingOracle Details"
In this section we try to identify the vulnerability. In the example above, TLS-Scanner will print the following:
As you can see, we attribute this vulnerability to OpenSSL <1.0.2r. We do so by looking at the exact responses to our malformed records. We additionally print two important facts about the vulnerability: Whether it is observable and its strength. The precise details of these properties are beyond the scope of this blogpost, but the short version is:
If an oracle is observable, a man in the middle attacker can see the differences between the vectors by passively observing the traffic, without relying on browser or application specific tricks. A strong oracle has no limitations in the number of consecutive bytes an attacker can decrypt. If an oracle is STRONG and OBSERVABLE, then an attacker can realistically exploit it. This is the case in the example above.
For more details on this, you will have to wait for the paper.
Could not identify the vulnerability. Please contact us if you know which software/hardware is generating this behavior.
If you encounter this message, we do not know yet who is responsible for this padding oracle and would be happy to know which device/vendor is responsible. If you know who is, please contact us so that we can get in contact with the vendor to fix the issue. To reiterate, the tool never sends any data back to us, and it is your choice whether to contact us manually or not.
There are also some cases in which we can identify the vendor, but the vendor has not patched the vulnerability yet. If you encounter such a host, the scanner will tell you that we know the responsible vendor. To prevent abuse, we do not include further details.
A notable feature of our scanner is that we do not actively try to avoid intolerances (like not scanning with a lot of cipher suites in the Hello messages etc.). We believe that doing so would hide important bugs. We are currently experimenting with intolerances checks, but the feature is now still in beta. If we cannot scan a server (most of the time due to intolerances or SNI problems), the scanner will report a lot of intolerances and usually no supported protocol versions. Some intolerances may trick the scanner into reporting false results. At the current stage, we cannot make any guarantees. If you are using this tool during a pentest, it might be smart to rescan with other scanners (like the recently released padcheck tool from our colleague Craig Young) to find the ground truth (this is good advice in general, since other mainstream scanners likely have the same issues). Note however that it is very unlikely that the scanner reports a false positive on a padding oracle scan.
To test whether a server is vulnerable, we specified different padding oracle vectors which we send to the system under test, using different cipher suites and protocol versions. If the server does not behave identically (on both the TLS and TCP layers), we consider it to be vulnerable to a padding oracle attack, since it is leaking information about the plaintext via behavior differences. Depending on the responses to such padding oracle vectors, one can estimate which implementation is responsible for the vulnerability. We contacted quite a few website owners and tried to cooperate with them, to find out which vendors and TLS stacks are responsible for the identified vulnerabilities. You can find our current disclosure status on this issue on https://github.com/RUB-NDS/TLS-Padding-Oracles.
We are currently in contact with other vendors to fix the remaining vulnerabilities, but the some of the rare (in terms of the number of affected hosts) vulnerabilities are currently not attributed. To fix the remaining vulnerabilities, we ask for your assistance to help get rid of this issue. For this purpose, we integrated a standalone version of our padding oracle evaluation tool into our TLS-Scanner (v.2.7) project. This tool allows you (among other things) to evaluate if a specific server is vulnerable.
When the tool detects a vulnerability, it tries to attribute the vulnerability to a specific vendor or CVE. If we already know of the vulnerability of the server you scanned, the tool will print its details. If the tool does not have a description of the vulnerability in its database, it will ask you to notify us about the vulnerable server, such that we can notify the vendor and get the device fixed. To be clear: the tool never sends any data to us - you have the choice of whether to notify us (and what details to include). There is a chance that the tool's attribution is also mistaken, that is, the tool lists a vendor for your host, but you know for sure that you do not use an implementation by this vendor. Please contact us in such cases as well.
How to use the Tool
First, you need to grab hold of the tool. There are 3 ways to get your hands dirty: pre-compiled, self-compiled or Docker. We provide a pre-compiled version of the tool since the compilation process can get quite messy if you are not familiar with java and maven. You can directly download the resulting project here. However, if you also want to play around with the code, you have to compile everything yourself.Building the TLS-Scanner
For this, you will need (Git), maven (sudo apt-get install maven), OpenJDK-8 (I can guarantee that this version works, other versions might work as well, have not tested it).You will need to get TLS-Attacker 2.9 (if you do not already have it):
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git clone https://github.com/RUB-NDS/TLS-Attacker.git | |
cd TLS-Attacker | |
mvn clean install # package is not enough, you need to install it so TLS-Scanner can use it as a library. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cd .. | |
git clone https://github.com/RUB-NDS/TLS-Scanner.git | |
cd TLS-Scanner | |
mvn clean package |
Docker
We also provide a Dockerfile, which lets you run the scanner directly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ docker build . -t tlsscanner |
Getting Started
If you start the TLS-Scanner you should be greeted by a usage info, similar to the one below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
java -jar TLS-Scanner.jar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
docker run -t tlsscanner |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Usage: <main class> [options] | |
Options: | |
-aggressiv | |
The level of concurrent handshakes (only applies to some resource | |
intensive tests) | |
Default: 1 | |
-config | |
This parameter allows you to specify a default TlsConfig | |
* -connect | |
Who to connect to. Syntax: localhost:4433 | |
-danger | |
Integer value (1 - 10) which specifies how aggressive the Scanner should | |
test. Default 10 | |
Default: 10 | |
-debug | |
Show extra debug output (sets logLevel to DEBUG) | |
Default: false | |
-h, -help | |
Prints usage for all the existing commands. | |
-implementation | |
If you are interessted in the vulnerability of an implementation rather | |
than a specific site | |
Default: false | |
-noColor | |
If you use Windows or don't want colored text. | |
Default: false | |
-quiet | |
No output (sets logLevel to NONE) | |
Default: false | |
-reportDetail | |
How detailed do you want the report to be? | |
Default: NORMAL | |
Possible Values: [ALL, DETAILED, NORMAL, QUICK] | |
-scanDetail | |
How detailed do you want to scan? | |
Default: NORMAL | |
Possible Values: [ALL, DETAILED, NORMAL, QUICK] | |
-starttls | |
Starttls protocol. Choose from ftp, imap, pop3, smtp. | |
Default: NONE | |
Possible Values: [NONE, FTP, IMAP, POP3, SMTP] | |
-threads | |
How many threads should execute Probes | |
Default: 1 | |
-timeout | |
The timeout used for the scans in ms (default 1000) | |
Default: 1000 |
This should give you an overview of the supported command line flags. The only really required one is the -connect flag (similar to OpenSSL and TLS-Attacker), with which you specify which host to scan. The most basic command is therefore:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
java -jar TLS-Scanner.jar -connect somehost.de |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Scanned in: 204s | |
Report for hackmanit.de | |
-------------------------------------------------------- | |
Supported Protocol Versions | |
TLS10 | |
TLS11 | |
TLS12 | |
-------------------------------------------------------- | |
Versions | |
SSL 2.0 : false | |
SSL 3.0 : false | |
TLS 1.0 : true | |
TLS 1.1 : true | |
TLS 1.2 : true | |
TLS 1.3 : false | |
TLS 1.3 Draft 14 : false | |
TLS 1.3 Draft 15 : false | |
TLS 1.3 Draft 16 : false | |
TLS 1.3 Draft 17 : false | |
TLS 1.3 Draft 18 : false | |
TLS 1.3 Draft 19 : false | |
TLS 1.3 Draft 20 : false | |
TLS 1.3 Draft 21 : false | |
TLS 1.3 Draft 22 : false | |
TLS 1.3 Draft 23 : false | |
TLS 1.3 Draft 24 : false | |
TLS 1.3 Draft 25 : false | |
TLS 1.3 Draft 26 : false | |
TLS 1.3 Draft 27 : false | |
TLS 1.3 Draft 28 : false | |
-------------------------------------------------------- | |
Supported Ciphersuites | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | |
TLS_RSA_WITH_AES_256_GCM_SHA384 | |
TLS_RSA_WITH_AES_256_CBC_SHA256 | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
TLS_RSA_WITH_AES_128_CBC_SHA | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | |
TLS_RSA_WITH_AES_128_GCM_SHA256 | |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | |
TLS_RSA_WITH_AES_128_CBC_SHA256 | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
-------------------------------------------------------- | |
Supported in TLS10 | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_RSA_WITH_AES_256_CBC_SHA | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | |
TLS_RSA_WITH_AES_128_CBC_SHA | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | |
-------------------------------------------------------- | |
Supported in TLS11 | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_RSA_WITH_AES_256_CBC_SHA | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | |
TLS_RSA_WITH_AES_128_CBC_SHA | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | |
-------------------------------------------------------- | |
Supported in TLS12 | |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_RSA_WITH_AES_256_GCM_SHA384 | |
TLS_RSA_WITH_AES_256_CBC_SHA256 | |
TLS_RSA_WITH_AES_256_CBC_SHA | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | |
TLS_RSA_WITH_AES_128_GCM_SHA256 | |
TLS_RSA_WITH_AES_128_CBC_SHA256 | |
TLS_RSA_WITH_AES_128_CBC_SHA | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | |
-------------------------------------------------------- | |
Symmetric Supported | |
Null : false | |
Export : false | |
Anon : false | |
DES : false | |
SEED : false | |
IDEA : false | |
RC2 : false | |
RC4 : false | |
3DES : false | |
AES : true | |
CAMELLIA : true | |
ARIA : false | |
CHACHA20 POLY1305 : false | |
-------------------------------------------------------- | |
KeyExchange Supported | |
RSA : true | |
DH : true | |
ECDH : true | |
GOST : false | |
Kerberos : false | |
Plain PSK : false | |
PSK RSA : false | |
PSK DHE : false | |
PSK ECDHE : false | |
Fortezza : false | |
New Hope : false | |
ECMQV : false | |
-------------------------------------------------------- | |
Perfect Forward Secrecy | |
Supports PFS : true | |
Prefers PFS : true | |
Supports Only PFS : false | |
-------------------------------------------------------- | |
Cipher Types Supports | |
Stream : false | |
Block : true | |
AEAD : true | |
-------------------------------------------------------- | |
Ciphersuite General | |
Enforces Ciphersuite ordering : true | |
-------------------------------------------------------- | |
Supported Extensions | |
SERVER_NAME_INDICATION | |
EC_POINT_FORMATS | |
HEARTBEAT | |
SESSION_TICKET | |
RENEGOTIATION_INFO | |
-------------------------------------------------------- | |
Extensions | |
Secure Renegotiation : true | |
Extended Master Secret : false | |
Encrypt Then Mac : false | |
Tokenbinding : false | |
-------------------------------------------------------- | |
TLS 1.3 Named Groups | |
none | |
-------------------------------------------------------- | |
Supported Named Groups | |
SECP256R1 | |
-------------------------------------------------------- | |
Supported Compressions | |
NULL | |
-------------------------------------------------------- | |
Common Bugs [EXPERIMENTAL] | |
Version Intolerant : false | |
Ciphersuite Intolerant : false | |
Extension Intolerant : false | |
CS Length Intolerant (>512 Byte) : false | |
Compression Intolerant : false | |
ALPN Intolerant : false | |
CH Length Intolerant : false | |
NamedGroup Intolerant : false | |
Empty last Extension Intolerant : false | |
SigHashAlgo Intolerant : false | |
Big ClientHello Intolerant : false | |
2nd Ciphersuite Byte Bug : false | |
Ignores offered Ciphersuites : false | |
Reflects offered Ciphersuites : false | |
Ignores offered NamedGroups : false | |
Ignores offered SigHashAlgos : true | |
-------------------------------------------------------- | |
Attack Vulnerabilities | |
Padding Oracle : false | |
Bleichenbacher : false | |
CRIME : false | |
Breach : false | |
Invalid Curve : false | |
Invalid Curve Ephemerals : false | |
SSL Poodle : false | |
TLS Poodle : false | |
CVE-20162107 : false | |
Logjam : false | |
Sweet 32 : false | |
DROWN : false | |
Heartbleed : Unknown | |
EarlyCcs : false | |
-------------------------------------------------------- | |
Bleichenbacher Details | |
CKE_CCS_FIN - No Behavior Difference | |
CKE - No Behavior Difference | |
CKE_CCS - No Behavior Difference | |
CKE_FIN - No Behavior Difference | |
-------------------------------------------------------- | |
PaddingOracle Responsemap | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS12 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS12 - No Behavior Difference | |
-------------------------------------------------------- | |
RFC | |
Checks MAC (AppData) : correct | |
Checks MAC (Finished) : correct | |
Checks VerifyData : correct | |
-------------------------------------------------------- | |
Certificates | |
Fingerprint : 214ee696de3dc367a86c53f08154b1b8725a7992be85a366b7fba38f227bf7f0 | |
Subject : CN=hackmanit.de | |
CommonNames : #311530130603550403130c6861636b6d616e69742e6465 | |
Valid From : Wed Feb 27 08:51:34 CET 2019 | |
Valid Till : Tue May 28 09:51:34 CEST 2019 | |
PublicKey : RSA Public Key [38:68:38:ac:e3:c2:c7:2e:60:d6:0d:dd:35:51:4e:9b:80:5b:fc:83] | |
modulus: b2a10f47f793b4fdc487f44a06865f3dc4a49deb14db397f3e1ce575a528ec8a053de24e28c941798f2c66d084132f9c94a8f8693f89e58faf08612f6a95a6d17557ea8ebe4ba78166f02222bc3a2b60f42b67a6e5967ce1b1397fff4a08e3b4d50254309f711b92dfae79a5509aa82b4798c81fdd9f38258fa88f7481c04b76298eb7aa76d0fc465f5d2bcb9901da5e7078eaf5c1b2897b92c8fd18a9e6eab240e8e8b696d42a3f1501cd8404979a8b76c620b4eb0e2e835192e450e896ae7da0a91e04a917b12e4325a649084da873adc2d474fbdd2b14e49171f7ac94e593cb9ae8a92b31275b68fde3e62bc601f7cba81897838b24806a7faec67dafc69d | |
public exponent: 10001 | |
Issuer : C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 | |
Signature Algorithm : RSA | |
Hash Algorithm : SHA256 | |
ROCA (simple) : false | |
Fingerprint : 25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d | |
Subject : C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 | |
CommonNames : #312330210603550403131a4c6574277320456e637279707420417574686f72697479205833 | |
Valid From : Thu Mar 17 17:40:46 CET 2016 | |
Valid Till : Wed Mar 17 17:40:46 CET 2021 | |
PublicKey : RSA Public Key [7e:b7:3a:83:81:d9:d9:c1:42:38:24:7a:ff:51:4a:57:d3:bf:4b:68] | |
modulus: 9cd30cf05ae52e47b7725d3783b3686330ead735261925e1bdbe35f170922fb7b84b4105aba99e350858ecb12ac468870ba3e375e4e6f3a76271ba7981601fd7919a9ff3d0786771c8690e9591cffee699e9603c48cc7eca4d7712249d471b5aebb9ec1e37001c9cac7ba705eace4aebbd41e53698b9cbfd6d3c9668df232a42900c867467c87fa59ab8526114133f65e98287cbdbfa0e56f68689f3853f9786afb0dc1aef6b0d95167dc42ba065b299043675806bac4af31b9049782fa2964f2a20252904c674c0d031cd8f31389516baa833b843f1b11fc3307fa27931133d2d36f8e3fcf2336ab93931c5afc48d0d1d641633aafa8429b6d40bc0d87dc393 | |
public exponent: 10001 | |
Issuer : O=Digital Signature Trust Co.,CN=DST Root CA X3 | |
Signature Algorithm : RSA | |
Hash Algorithm : SHA256 | |
ROCA (simple) : false | |
-------------------------------------------------------- | |
Certificate Checks | |
Expired Certificates : false | |
Not yet Valid Certificates : false | |
Weak Hash Algorithms : false | |
-------------------------------------------------------- | |
Session | |
Supports Session resumption : true | |
Supports Session Tickets : true | |
-------------------------------------------------------- | |
Renegotioation & SCSV | |
Clientside Secure : false | |
Clientside Insecure : false | |
-------------------------------------------------------- | |
HSTS | |
Not supported | |
-------------------------------------------------------- | |
HPKP | |
Not supported | |
-------------------------------------------------------- | |
HTTPS Response Header | |
Date:Thu, 28 Mar 2019 10:39:00 GMT | |
Server:Apache | |
Location:https://www.hackmanit.de/ | |
Content-Length:296 | |
Keep-Alive:timeout=5, max=100 | |
Connection:Keep-Alive | |
Content-Type:text/html; charset=iso-8859-1 | |
-------------------------------------------------------- | |
Nonce | |
Random : No Duplicates (wip) | |
-------------------------------------------------------- | |
PublicKey Parameter | |
EC PublicKey reuse : false | |
DH PublicKey reuse : false | |
Uses Common DH Primes : true | |
2048-bit MODP from RFC 3526 | |
Uses Non-Prime Moduli : false | |
Uses Nonsafe-Prime Moduli : false | |
DH Strength : 2048 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
java -jar TLS-Scanner -connect hackmanit.de -threads 15 -aggressive 100 |
Padding Oracles
The main advantage of our scanner is the ability to scan for padding oracle vulnerabilities (which is probably why you are reading this post). You will see if you are vulnerable in the "Attack Vulnerabilities" section. For example, when scanning hackmanit.de, the result is false. Good for us! But as you might have seen there is also another section in the scanner report:"PaddingOracle Responsemap"This section lists the responses of the scanned host for each padding oracle vector, for each cipher suite and protocol version. For hackmanit.de, there is no detected difference in responses, which means hackmanit.de is not vulnerable to the attack:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PaddingOracle Responsemap | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS10 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS11 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS12 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS12 - No Behavior Difference |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
java -jar TLS-Scanner -connect hackmanit.de -threads 15 -aggressive 100 -reportDetail ALL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS10 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS11 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-47-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-24-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-31 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[15]-0-31 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-31 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-31 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-31 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-31 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-31 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[15]-0-31 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-31 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-25-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-25-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-25-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-25-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-25-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-25-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-25-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-25-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-25-6 [BAD_RECORD_MAC] ENC X | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-31-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-16-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-31-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-16-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_256_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-31-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-16-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-31-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-16-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-31-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-16-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-47 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[23]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-47 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-41-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-41-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-41-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_AES_128_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS12 - No Behavior Difference | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] ENC X | |
Plain FF [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] ENC X |
BasicMac-<position>-<XOR> | A Record with ApplicationData, MAC and padding bytes, where the padding byte at <position> is XOR'd <XOR> |
MissingMacByteFirst | A Record without ApplicationData, where the first byte of the MAC is missing |
MissingMacByteLast | A Record without ApplicationData, where the last byte of the MAC is missing |
Plain FF | A Record without ApplicationData & MAC which only contains Paddingbytes: 64* 0xFF |
Plain 3F | A Record without ApplicationData & MAC which only contains Paddingbytes: 64* 0xF3 |
InvPadValMac-[<position>]-<appDataLength>-<paddingBytes> | A Record with invalid padding and valid MAC. The Record contains <appDataLength> many ApplicationData bytes and <paddingBytes> many PaddingBytes. The Padding is invalid at <position>. |
ValPadInvMac-[<position>]-<appDataLength>-<paddingBytes> | A Record with valid padding and invalid MAC. The Record contains <appDataLength> many ApplicationData bytes and <paddingBytes> many PaddingBytes. The MAC is invalid at <position>. |
InvPadInvMac-[<position>]-<appDataLength>-<paddingBytes> | A Record with invalid padding and invalid MAC. The Record contains <appDataLength> many ApplicationData bytes and <paddingBytes> many PaddingBytes. The MAC is invalid at the first position. The Padding is invalid at <position>. |
Next to the name you can see what the actual response from the server was. Alert messages which are in [] brackets indicate that the alert was a fatal alert while () brackets indicate a warning alert. ENC means that the messages were encrypted (which is not always the case). The last symbol in each line indicates the state of the socket. An X represents a closed socket with a TCP FIN, a T indicates that the socket was still open at the time of measurement and an @ indicates that the socket was closed with an RST. So how did Hackmanit respond? We see a [BAD_RECORD_MAC] ENC X, which means we received an ENCrypted FATAL BAD_RECORD_MAC alert, and the TCP connection was closed with a TCP FIN. If a server appears to be vulnerable, the scanner will execute the scan a total of three times to confirm the vulnerability. Since this response is identical to all our vectors, we know that the server was not vulnerable and the scanner is not re-executing the workflows.
Here is an example of a vulnerable host:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS12 - SOCKET_STATE VULNERABLE | |
Response Map | |
BasicMac-19-01 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
BasicMac-10-08 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
BasicMac-0-80 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
MissingMacByteFirst [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
MissingMacByteLast [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
Plain XF (0xXF=#padding bytes) [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
Plain FF [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadValMac-[0]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadValMac-[29]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadValMac-[last]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
ValPadInvMac-[0]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
ValPadInvMac-[8]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
ValPadInvMac-[15]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC T | |
InvPadInvMac-[0]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadInvMac-[29]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadInvMac-[last]-0-59 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadValMac-[0]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadValMac-[3]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadValMac-[last]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
ValPadInvMac-[0]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
ValPadInvMac-[8]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
ValPadInvMac-[15]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadInvMac-[0]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadInvMac-[3]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
InvPadInvMac-[last]-53-6 [BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X | |
[BAD_RECORD_MAC] (CLOSE_NOTIFY) ENC X |
Since the server was vulnerable, TLS-Scanner will also print an additional section: "PaddingOracle Details"
In this section we try to identify the vulnerability. In the example above, TLS-Scanner will print the following:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PaddingOracle Details | |
Identification : Openssl CVE-2019-1559 | |
CVE : Openssl CVE-2019-1559 | |
Strength : STRONG | |
Observable : true | |
If an application encounters a fatal protocol error and then calls | |
SSL_shutdown() twice (once to send a close_notify and once to receive one), then OpenSSL can respond differently to the calling application if a 0-byte record is received with invalid padding compared to if a 0-byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. | |
For this to be exploitable, "non-stitched" cipher suites must be in | |
use. Stitched cipher suites are optimized implementations of specific commonly used cipher suites. Also, the application must call SSL_shutdown() twice even if a | |
protocol error has occurred (applications should not do this, but some do | |
anyway). | |
This issue does not impact OpenSSL 1.1.1 or 1.1.0. | |
OpenSSL 1.0.2 users should upgrade to 1.0.2r. | |
-------------------------------------------------------- | |
Affected Products | |
Openssl < 1.0.2r | |
If your tested software/hardware is not in this list, please let us know so we can add it here. |
If an oracle is observable, a man in the middle attacker can see the differences between the vectors by passively observing the traffic, without relying on browser or application specific tricks. A strong oracle has no limitations in the number of consecutive bytes an attacker can decrypt. If an oracle is STRONG and OBSERVABLE, then an attacker can realistically exploit it. This is the case in the example above.
For more details on this, you will have to wait for the paper.
Attribution
As you can see, we try to fingerprint the responsible device/implementation. However, we were not able to identify all vulnerable implementations yet. If we cannot attribute a vulnerability you will receive the following message:Could not identify the vulnerability. Please contact us if you know which software/hardware is generating this behavior.
If you encounter this message, we do not know yet who is responsible for this padding oracle and would be happy to know which device/vendor is responsible. If you know who is, please contact us so that we can get in contact with the vendor to fix the issue. To reiterate, the tool never sends any data back to us, and it is your choice whether to contact us manually or not.
There are also some cases in which we can identify the vendor, but the vendor has not patched the vulnerability yet. If you encounter such a host, the scanner will tell you that we know the responsible vendor. To prevent abuse, we do not include further details.
Non-Determinism and Errors
In some cases, the scanner is unable to scan for padding oracles and reports ERROR or non-deterministic responses. The ERROR cases appear if the scanner failed could not handshake with the specified cipher suite and protocol version. This might be due to a bug in the tested TLS-Server or a bug in TLS-Attacker or TLS-Scanner. If you think the handshake fails because of an issue on our side, please open an issue on Github, and we will investigate. The more interesting cases are the non-deterministic ones. In such cases the scanner observed non-identical scan results in three separate scans. This can be due to non-determinism in the software, connection errors, server load or non-homogeneous load balancing. Currently, you will have to analyze these cases manually. In the paper, we excluded such hosts from our study because we did not want to artificially improve our results. But we understand that you as a tester want to know if the server is vulnerable or not. If the server is not truly vulnerable you would see the differences between the answers spread across all the different vectors. If the differences only appear on a subset of malformed records the server is very likely vulnerable. If you are unsure, you can also always scan multiple times (or scan slowly), increase the timeout, or if you are entirely lost get in touch with us.How YOU can help
Please use the scanner on all your hosts and check for padding oracle vulnerabilities. If the scanner can identify your vulnerability, a patch should already be available. Please patch your system! If the scanner does not identify the vulnerability (and instructs you to contact us), please contact us with the details (robert.merget@rub.de). If you can provide us with the detailed output of the scanner or even better, the name of the host, with the corresponding vendor, we could match the results with our database and help fix the issue. We can already attribute over 90% of the vulnerabilities, but there is still a lot to be discovered. We mostly scanned the Alexa top 1-million on port 443. Other protocols like IMAPS, POP3S, etc. might have different implementations with different vulnerabilities. If you find vulnerabilities with our tool, please give us credit. It helps us to get more funding for our project.Issues with the Scanner
A notable feature of our scanner is that we do not actively try to avoid intolerances (like not scanning with a lot of cipher suites in the Hello messages etc.). We believe that doing so would hide important bugs. We are currently experimenting with intolerances checks, but the feature is now still in beta. If we cannot scan a server (most of the time due to intolerances or SNI problems), the scanner will report a lot of intolerances and usually no supported protocol versions. Some intolerances may trick the scanner into reporting false results. At the current stage, we cannot make any guarantees. If you are using this tool during a pentest, it might be smart to rescan with other scanners (like the recently released padcheck tool from our colleague Craig Young) to find the ground truth (this is good advice in general, since other mainstream scanners likely have the same issues). Note however that it is very unlikely that the scanner reports a false positive on a padding oracle scan.
0 Reactions to this post
Add CommentPost a Comment