
SSL Allows Anonymous Authentication & Cleartext Communication Vulnerabilities

Question asked by Guy Itzhaki on Nov 10, 2015
Latest reply on Nov 11, 2015 by Lily Wilson

Dear forum,

I've implemented a Java-based client-server application. The server is using Java 8 and the clients are Java 7 (or higher) based clients.

The clients communicate with the server using SSL.

From what I read, these vulnerabilities can be exploited when the client is using a null cipher during negotiation. Is it true that, since in my case the clients are using Java 7, there is a guarantee that a null cipher will not be used during negotiation?

I wonder, is my solution at risk due to QID 38143 - SSL Server Allows Cleartext Communication Vulnerability or QID 38142 - SSL Server Allows Anonymous Authentication Vulnerability?

 

Thanks

Guy
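
Both QIDs are named for what the SSL server allows, so the setting to inspect is the server's enabled cipher suites. The following is an added example, not part of the original post: it assumes the findings correspond to JSSE suites whose names contain `_NULL_` (no encryption) or `_anon_` (no authentication), and the class and method names are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import java.util.ArrayList;
import java.util.List;

// Added example: audits the JVM's default TLS configuration and strips
// unauthenticated / unencrypted suites from a server socket.
public class CipherSuiteAudit {

    // JSSE suite names mark anonymous key exchange with "_anon_" and
    // absent encryption with "_NULL_", e.g. TLS_DH_anon_WITH_AES_128_CBC_SHA
    // or SSL_RSA_WITH_NULL_SHA (assumed mapping to QID 38142 / 38143).
    static boolean isWeak(String suite) {
        return suite.contains("_anon_") || suite.contains("_NULL_");
    }

    // Returns the input list minus every anonymous or NULL-encryption suite.
    static String[] withoutWeak(String[] suites) {
        List<String> kept = new ArrayList<>();
        for (String s : suites) {
            if (!isWeak(s)) {
                kept.add(s);
            }
        }
        return kept.toArray(new String[0]);
    }

    // Call on the server socket after it is created and before accept().
    static void harden(SSLServerSocket socket) {
        socket.setEnabledCipherSuites(withoutWeak(socket.getEnabledCipherSuites()));
    }

    // Prints which weak suites this JVM enables by default and which it
    // merely supports (supported suites can be switched on by application code).
    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        for (String s : ctx.getDefaultSSLParameters().getCipherSuites()) {
            if (isWeak(s)) {
                System.out.println("ENABLED by default: " + s);
            }
        }
        for (String s : ctx.getSupportedSSLParameters().getCipherSuites()) {
            if (isWeak(s)) {
                System.out.println("supported: " + s);
            }
        }
    }
}
```

Run `main` with the same JVM and security properties as the server process; any line starting with `ENABLED by default` is a suite the server will offer unless the application overrides the list, for example by calling `harden` on its `SSLServerSocket`.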
