SSL Renegotiation Vulnerbility on AWS?

背景 最近有個客戶向我們諮詢關於AWS Elastic Load Balancer的安全問題,聲稱他們用HP Fortify WebInspect審查端口443時,發現該端口含有CVE-2009-3555漏洞。按照經驗,AWS在修補漏洞方面應該極爲迅速,並且會對漏洞做說明,發郵件給用戶才對。我們開始了如下的研究。 首先,該安全團隊對漏洞做了些解釋和解決方案: CVE-2009-3555: (http://cve.mitre.org…

Remmina decryption

A Remmina decryption program which decrypts passwords from your .remmina files. Source file can be downloaded from here. To compile it, you need remmina_crypt.c from remmina package. Demo: