when i use a vulnerability scan tool to scan my vpn server which i deployed it with Softether-vpnserver v4.28-9669.
the scan result come out with a vulnerability.
i want to know how to fix it.
the detail information i post below.
The SSL/Tls protocol is widely used encryption protocol.The Bar Mitzvah attack actually exploits the "invariant vulnerablity",which is a flaw in the RC4 algorithm. which can leak ssl/tls encrypted traffic in some cases. the ciphertext,which leaks account username password,credit card data and other sensitive information to hakers.
about tls/ssl vulnerability of softethervpn
-
- Posts: 2
- Joined: Tue Nov 06, 2018 11:16 am
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: about tls/ssl vulnerability of softethervpn
Please use another cipher.
You can change the cipher in 'Encryption and Network' on Server Manager.
Still, the server accepts RC4, but it is not used for VPN communication.
You can change the cipher in 'Encryption and Network' on Server Manager.
Still, the server accepts RC4, but it is not used for VPN communication.