Unfortunately, the Internet is full of possibilities when it comes to vulnerabilities since cybercriminals never stop removing these. At the same time that we can also find many aspects related to security. In this sense, we can see if a website is reliable, if it has the SSL certificate installed correctly and that is why we will see some of these SSL vulnerabilities.
But first things first, what is an SSL certificate? Basically we can say that it is a global security standard that allows the data transferred when browsing to be correctly encrypted. It prevents the information sent between a browser and a server from being filtered. It is the same as when using an instant messaging tool and that is encrypted from end to end, no possible intruder would have the ability to read what is sent.
Now what main vulnerabilities SSL faces?
▸POODLE
The POODLE attack (which means: Padding Oracle On Downgraded Legacy Encryption) is a “man in the middle attack” (MITM) exploit that allows an attacker to decrypt selective content within the SSL session.
▸BEAST
The BEAST attack, reported as CVE-2011-3389, takes advantage of the weakness in SSL’s CBC or cipher-block chaining encryption mode, allowing an MITM attacker to retrieve certain session information, such as data about “cookies” from what which should be a secure connection.
▸SWEET32
The “SWEET32” attack takes advantage of the collision attack on the SSL protocol that supports cipher suites that use 64-bit block to extract plaintext from the encrypted data, when the CBC encryption mode is used.
All these vulnerabilities must be taken with great caution so that we can prevent and be prepared to face them.
