RC4 Algorithm Vulnerability: Statistical Analysis Enables Plaintext-Recovery Attacks in TLS and SSL Protocols

RC4 Algorithm Vulnerability: Statistical Analysis Enables Plaintext-Recovery Attacks in TLS and SSL Protocols

CVE-2013-2566 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Learn more about our Web Application Penetration Testing UK.