SSL/TLS Multiple Vulnerabilities SSL 64-Bit Block Size Cipher Suites Supported (Sweet32)
When the certificate has an error, visitors to the site will receive an error message warning them
that the certificate is invalid. They will be provided with the option of continuing to use the site
or exiting it. New users might get concerned and leave the site. Regular users might become used
to seeing the error message and start ignoring it.
Once regular users start ignoring the error message, an adversary can easily impersonate the site
with a fake SSL certificate created by the adversary. The fake site will also display a similar
error message. Since regular users are familiar with SSL error messages on this site, they will not
realize that this latest error message is from a fake site. They would trust the fake site (with its
fake SSL certificate) as much as they trust this site.
A padding oracle attack has been described for SSLv3 when a cipher block chaining (CBC)
mode ciphersuite is selected. In this scenario, an attacker may be able to decrypt sensitive
information such as authentication cookies without knowing the encryption key. This attack
requires that the adversary can exert control over the request path and body of HTTPS requests
between a targeted client and server. The attacker must also be able to modify SSL records in
transit to the server. When these requirements are met, the attacker can perform repeated
requests and use the server's responses to decrypt specific bytes in the HTTP headers. Successful
exploitation can allow an attacker to hijack authenticated sessions.
The remote host is affected by an information disclosure vulnerability. The SSL/TLS service
supports RSA key exchanges and leaks whether or not the RSA-encrypted key exchange message sent by
a client was correctly formatted. Because the server reveals whether an RSA-encrypted ciphertext
is well formed, an attacker can use it as an oracle to decrypt previously recorded SSL/TLS sessions
or to impersonate the server.
SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability
The remote SSL/TLS server is vulnerable to FREAK attack when:
1. The "RSA+EXPORT" ciphers are supported.
2. The RSA public key in the certificate is not stronger than 1024 bits.
3. The temporary RSA key size is less than 1024 bits.
4. The temporary RSA key is static (reused across multiple connections).
Only SSLv3 and TLSv1 are potentially vulnerable.
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than
or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in
a short amount of time (depending on modulus size and attacker resources). This may allow an
attacker to recover the plaintext or potentially violate the integrity of connections.
The server supports weak SSL ciphers
The remote host supports SSL ciphers that are weak (<=112 bits). This allows an adversary to
conduct man-in-the-middle attacks or decrypt communication between the server and client if the
client chooses to use the weak ciphers. Although this is difficult to exploit in practice, it is a
security best practice to disable support for weak ciphers.
Solution
Beast vulnerability: Upgrade to the latest version of TLS. If upgrading is not possible, then
CBC-mode ciphers should be disabled.
Invalid SSL certificate: Please use a valid SSL certificate from a trusted source. Verisign and
Thawte SSL certificates are trusted by all browsers. Also, ensure that the Subject Common Name
matches the server's FQDN.
Freak vulnerability: Disable RSA_EXPORT cipher suites and do not reuse a temporary RSA key
across multiple connections.
Logjam: Reconfigure the service to use a unique Diffie-Hellman modulus of 2048 bits or greater.
Robot vulnerability: Upgrade to a patched version of the software. Alternatively, disable RSA
key exchanges.
Results