@ajinabraham
Last active June 15, 2020 12:19
Various SSL/TLS Security Issues
BEAST - Browser Exploit Against SSL/TLS
(Sep 2011)
This vulnerability can allow an attacker to decrypt encrypted traffic by determining the IV used in cipher block chaining (CBC).
CRIME - Compression Ratio Info-leak Made Easy
(Sep 2012)
A compression side-channel attack against HTTPS that allows an attacker to inject partial chosen plaintext into a victim's request.
Lucky 13
(Feb 2013)
Allows an attacker to modify the cipher block and clock the response time from the server to determine the key to decrypt the data.
BREACH - Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext
(Aug 2013)
It is based on CRIME and exploits the use of HTTP-level compression to decipher HTTPS data.
Heartbleed
(April 2014)
A vulnerability in the OpenSSL library that allows anyone to read the memory of systems that use vulnerable OpenSSL.
POODLE
(Oct 2014)
MITM attack that downgrades the protocol to SSL 3.0 and changes padding data at the end of a block cipher to weaken encryption.
FREAK - Factoring RSA Export Keys
(Feb 2015)
MITM attack that downgrades connections from 'strong' RSA encryption to 'export-grade' ciphers which are less than 512 bytes.
Bar Mitzvah
(Mar 2015)
An attack that exploits the Invariance Weakness in RC4 keys, which leaks plaintext data from encrypted SSL/TLS traffic.
Logjam
(May 2015)
This vulnerability allows an attacker to downgrade a vulnerable connection to a lower-grade cipher due to flaws in the TLS protocol.
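The issues above map largely onto three server settings: minimum protocol version, enabled cipher suites, and TLS compression. The following is an added example, not part of the original gist: a small auditor that reports which of the listed issues a configuration is exposed to, alongside a hardened Python `ssl` context that clears it. The function names and the `LEGACY` sample are hypothetical, and the suite matching assumes OpenSSL cipher names.

```python
import ssl

NOT_CBC = ("GCM", "CHACHA20", "CCM", "RC4", "NULL")

def is_cbc(name):
    # OpenSSL names most CBC suites without a "CBC" tag (e.g. AES128-SHA),
    # so anything that is not AEAD, RC4 or NULL is treated as CBC.
    return not any(tag in name for tag in NOT_CBC)

def audit(min_version, ciphers, tls_compression):
    """Return the listed issues a TLS configuration is exposed to.
    Heartbleed (implementation bug) and BREACH (HTTP-level compression)
    cannot be read from protocol/cipher settings and are not covered."""
    found = set()
    cbc = any(is_cbc(c) for c in ciphers)
    if cbc and min_version <= ssl.TLSVersion.SSLv3:
        found.add("POODLE")        # SSL 3.0 is still a downgrade target
    if cbc and min_version <= ssl.TLSVersion.TLSv1:
        found.add("BEAST")         # CBC in SSL 3.0 / TLS 1.0
    if cbc:
        found.add("Lucky 13")      # CBC timing side channel
    if tls_compression:
        found.add("CRIME")         # TLS-level compression
    for c in ciphers:
        if "RC4" in c:
            found.add("Bar Mitzvah")
        if c.startswith("EXP"):    # export-grade: DH -> Logjam, RSA -> FREAK
            found.add("Logjam" if "DH" in c else "FREAK")
    return found

def hardened_server_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # AEAD suites only
    return ctx

def audit_context(ctx):
    names = [c["name"] for c in ctx.get_ciphers()]
    compression = not (ctx.options & ssl.OP_NO_COMPRESSION)
    return audit(ctx.minimum_version, names, compression)

# Constructed sample of a legacy configuration (not taken from any real server).
LEGACY = dict(min_version=ssl.TLSVersion.SSLv3, tls_compression=True,
              ciphers=["AES128-SHA", "RC4-SHA", "EXP-DES-CBC-SHA",
                       "EXP-EDH-RSA-DES-CBC-SHA"])

if __name__ == "__main__":
    print("hardened:", sorted(audit_context(hardened_server_context())))
    print("legacy:  ", sorted(audit(**LEGACY)))
```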