30 January, 2017

Sweet32 - Vulnerability


Recently another vulnerability grabbed my attention, this one related to DES and Triple DES (3DES). Any man in the middle can exploit this vulnerability by capturing a large amount of encrypted data and thus recovering sensitive plaintext data.

Severity: Medium
CVE Number: CVE-2016-2183


For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com

Remediation: You need to disable any ciphers starting with DES and 3DES that the server supports, in every service present on the server, for example:

  • Apache
  • Nginx etc
 
Important Point to Remember : 1 :
 
Normally, old browsers don't support DES and 3DES ciphers. It is very important to note that in many cases a software update (a back-ported version provided by the operating system vendor) won't be enough to resolve this issue. A software update usually doesn't overwrite manually tweaked configuration files, which means DES/3DES can still be available even if the update disables them by default.
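A heuristic check for that situation, as an added example (not code from the original post): it scans Apache `SSLCipherSuite` and nginx `ssl_ciphers` lines and reports cipher strings that name a DES/3DES suite, or that rely on a group alias without a permanent `!3DES` exclusion. The sample config, the alias list and the function names are assumptions made for this illustration.

```python
import re

# Cipher-string directives: Apache mod_ssl (SSLCipherSuite) and nginx (ssl_ciphers).
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|ssl_ciphers)\s+(.+?)\s*;?\s*$", re.I)

# Assumed list: aliases that can expand to 3DES on some OpenSSL builds.
BROAD_ALIASES = {"ALL", "DEFAULT", "HIGH", "MEDIUM"}

# Constructed sample: cipher lines as they might appear in hand-edited configs.
SAMPLE = """\
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA
ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
"""


def audit_cipher_string(spec):
    """Heuristic: list (family, token, kind) reasons DES/3DES may still be offered."""
    tokens = [t for t in re.split(r"[:,\s]+", spec.strip("\"'")) if t]
    # "!X" removes X permanently; no later token can add it back.
    killed = {t[1:].upper() for t in tokens if t.startswith("!")}
    issues = []
    for tok in tokens:
        if tok[0] in "!-+":  # exclusions and reorderings never add suites
            continue
        parts = tok.upper().split("+")  # "kRSA+3DES" -> ["KRSA", "3DES"]
        des_part = next((p for p in parts if "DES" in p), None)
        if des_part:
            family = "3DES" if ("3DES" in des_part or "CBC3" in des_part) else "DES"
            if family not in killed:
                issues.append((family, tok, "explicit"))
        elif "3DES" not in killed and BROAD_ALIASES & set(parts):
            issues.append(("3DES", tok, "implicit"))
    return issues


def audit_config(text):
    """Return (line_no, directive, issues) for every cipher directive with findings."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match and (issues := audit_cipher_string(match.group(2))):
            findings.append((line_no, match.group(1), issues))
    return findings


if __name__ == "__main__":
    print(*audit_config(SAMPLE), sep="\n")
```

An "implicit" finding only means the string does not rule 3DES out; what a given host actually offers depends on its OpenSSL build, which `openssl ciphers -v '<string>'` shows.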

                                                      
Important Point to Remember : 2 : 
On Windows 7/10 systems running RDP (Remote Desktop Protocol), the vulnerable cipher that should be disabled is labeled 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'.   

 
Important Point to Remember : 3 :
  
If disabling 64-bit block ciphers is not possible, please limit the number of requests a client can make in a single TLS session and/or the keep-alive timeout value.
