Merge pull request #16 from stfbk/hotfix

Update LUCKY13.json
stfbk · Mar 23, 2023 · ba77b10 · ba77b10
2 parents 3cadafd + 44c3640
commit ba77b10
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/configs/mitigations/LUCKY13.json b/configs/mitigations/LUCKY13.json
@@ -7,7 +7,7 @@
     "#comment": " AV:N/AC:H/Au:N/C:P/I:N/A:N ",
     "Description": "By exploiting the structure of the Cipher Block Chaining (CBC) mode, an attacker can infer the content of a transmission. The attack is performed by capturing, tampering (actually damaging) and re-transmitting the messages sent by the client to see how the server responds.<br/>The attack, by breaching in the authentication mechanism, has a serious impact on the transmission.",
     "Mitigation": {
-      "Textual": "Update the TLS library to a version that contains the custom mitigations (e.g. OpenSSL v1.0.2h+).",
+      "Textual": "Update the TLS library to a version that contains the custom mitigations (e.g. OpenSSL v1.0.1e+).",
 
         "Apache": "No snippet available",
         "Nginx": "The best mitigation is to update the OpenSSL libraries. The fastest mitigation is to disable all CBC ciphers.<br/><br/>1. In a default situation, you can edit your website configuration <i>/etc/nginx/sites-enabled/default</i><br/> (if you changed your site conf name <i>/etc/nginx/sites-enabled/YOURSITECONFIGURATION</i>);<br/>2. Inside <code>server {...}</code> brackets configuration, find <code>ssl_ciphers</code>;<br/>3. Remove any CBC-related cipher (even nested one).<br/><br/><br/>N.B. restart the server by typing: <code>sudo service nginx restart</code>.<br/>"