About 5.5% of sites use vulnerable TLS implementations

A group of researchers from Ca' Foscari University (Venice, Italy) analyzed 90 hosts associated with the 10 largest sites in the Alexa ranking and concluded that 5.5% of them have serious security problems in their TLS implementations. The study examined the consequences of vulnerable cipher suites and protocol configurations: 4818 of the problematic hosts were susceptible to MITM attacks, 733 had vulnerabilities that allowed traffic to be fully decrypted, and 912 allowed partial decryption (for example, extraction of session cookies).

Serious vulnerabilities that allow a site to be completely compromised, for example by substituting the scripts served on its pages, were identified on 898 sites. 660 (73.5%) of these sites loaded external scripts from third-party hosts affected by such vulnerabilities, which shows how relevant indirect attacks are and how they can cascade (the compromise of the StatCounter analytics script, which could have led to the compromise of more than two million other sites, is one example).

10% of all login forms on the sites studied had confidentiality issues that could potentially lead to password theft. On 412 sites, session cookies could be intercepted, and on 543 sites the integrity of session cookies could not be guaranteed. More than 20% of the cookies studied were exposed to parties controlling subdomains.

Source: opennet.ru
