While some threats seem like relics of the past, many are still being exploited today—especially on poorly maintained or legacy systems. Here are the key SSL/TLS vulnerabilities you should know:
Heartbleed – Exposing Sensitive Data
This now-infamous bug in OpenSSL allowed attackers to read sensitive information directly from server memory. Although discovered in 2014, systems that haven’t been updated remain vulnerable. See the original CVE-2014-0160 entry for technical details.
BEAST – Bypassing CBC Encryption in TLS 1.0
BEAST exploits predictable initialization vectors in the CBC cipher mode used by TLS 1.0. Many platforms have mitigated it, but TLS 1.0 must still be disabled completely to be safe.
CRIME – Compression-based Exploits
CRIME exploits TLS compression to leak session cookies and other sensitive data. It has largely been mitigated by disabling compression in HTTPS configurations.
Logjam – Weak Diffie-Hellman Key Exchange
Logjam takes advantage of export-grade 512-bit Diffie-Hellman keys to downgrade connections and break encryption. A detailed breakdown is available in Logjam's research paper.
All of these exploit weak configurations. A deeper look at the common SSL certificate mistakes website owners make reveals just how often these oversights lead to serious vulnerabilities.
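As an added example (not from the original article), the sketch below audits a server configuration for the three settings that BEAST, CRIME and Logjam depend on, and runs it against a weak and a hardened configuration side by side. It assumes Apache mod_ssl directives (`SSLProtocol`, `SSLCompression`, `SSLCipherSuite`), which the article does not name, uses constructed sample configurations, and treats an unset `SSLProtocol` as `all`. Heartbleed is left out because it is fixed by updating OpenSSL, not by a configuration directive.

```python
import re

ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # simplified meaning of "all"

# Constructed sample configurations, not taken from any real server.
WEAK = """
SSLProtocol all -SSLv3
SSLCompression on
SSLCipherSuite HIGH:MEDIUM:EXPORT:!aNULL
"""
HARDENED = """
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression off
SSLCipherSuite ECDHE+AESGCM:!EXPORT:!aNULL
"""

def directive(conf, name):
    """Return the argument string of the last occurrence of a directive, or None."""
    hits = re.findall(rf"^\s*{name}\s+(.+?)\s*$", conf, re.M | re.I)
    return hits[-1] if hits else None

def enabled_protocols(value):
    """Apply the +/- tokens of an SSLProtocol argument list from left to right."""
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit(conf):
    """Return findings, each prefixed with the attack the weak setting leaves room for."""
    findings = []
    # Assumption: an unset SSLProtocol is treated as "all" so it gets flagged for review.
    protos = enabled_protocols(directive(conf, "SSLProtocol") or "all")
    if protos & {"SSLv3", "TLSv1"}:
        findings.append("BEAST: TLS 1.0 or older still enabled")
    if (directive(conf, "SSLCompression") or "").lower() == "on":
        findings.append("CRIME: TLS compression enabled")
    # Only positively included export keywords count; "!EXPORT" is an exclusion.
    ciphers = re.split(r"[:, ]+", directive(conf, "SSLCipherSuite") or "")
    if any(re.fullmatch(r"\+?EXP(ORT)?\d*", c, re.I) for c in ciphers):
        findings.append("Logjam: export-grade cipher suites allowed")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```

A clean result only covers these three directives; it says nothing about the OpenSSL version in use or the strength of the server's Diffie-Hellman parameters.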
The following table summarizes the key SSL/TLS vulnerabilities discussed above, including how they work, what risks they pose, and how to mitigate them:
