30 January, 2017

Sweet32 - Vulnerability

Recently another vulnerability grabbed my attention, this one related to DES and Triple DES (3DES), both 64-bit block ciphers. Any man-in-the-middle attacker can exploit it by capturing a large amount of encrypted data and thereby recovering sensitive plaintext.

Severity: Medium
CVE Number: CVE-2016-2183


Remediation: disable every DES and 3DES cipher offered by any service on the server, for example:

  • Apache
  • Nginx, etc.
Important Point to Remember 1:
Normally, old browsers don't support DES and 3DES ciphers. It is very important to note that in many cases a software update (a back-ported version provided by the operating system vendor) won't be enough to resolve this issue. A software update usually doesn't overwrite manually tweaked configuration files, which means DES/3DES can still be available even if the update disables them by default.

Important Point to Remember 2:
On Windows 7/10 systems running RDP (Remote Desktop Protocol), the vulnerable cipher that should be disabled is labeled 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'.

Important Point to Remember 3:
If disabling 64-bit block ciphers is not possible, limit the number of requests a client can make in a single TLS session and/or reduce the keep-alive timeout value.
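The following script is an added example and not code from the original post. It audits Apache `SSLCipherSuite` and Nginx `ssl_ciphers` directives for the 64-bit block ciphers (DES and 3DES) that Sweet32 targets, emits a hardened directive, and computes the birthday bound that explains why the attacker must capture so much traffic. Cipher names follow OpenSSL naming conventions; the configuration lines in `SAMPLE_CONFIG`, the mapping dictionary and all function names are constructed for this illustration.

```python
"""Added example, not code from the original post: audit Apache/Nginx cipher
directives for the 64-bit block ciphers (DES, 3DES) behind Sweet32
(CVE-2016-2183) and emit a hardened directive.  Cipher names follow OpenSSL
naming; the config lines in SAMPLE_CONFIG are constructed for illustration."""

import re

# The IANA cipher name the post gives for Windows RDP corresponds to this
# OpenSSL name; other entries could be added the same way (constructed table).
IANA_TO_OPENSSL = {"TLS_RSA_WITH_3DES_EDE_CBC_SHA": "DES-CBC3-SHA"}

# One regex for both Apache (SSLCipherSuite "...") and Nginx (ssl_ciphers ...;).
DIRECTIVE_RE = re.compile(
    r'^\s*(SSLCipherSuite|ssl_ciphers)\s+"?([^";]+?)"?\s*;?\s*$')


def sweet32_collision_bytes(block_bits=64):
    """Bytes after which a block collision under one key becomes likely
    (birthday bound: about 2**(n/2) blocks of n/8 bytes each).  For 64-bit
    blocks this is 2**35 bytes, i.e. 32 GiB, which is why the attacker needs
    to capture a large volume of traffic on a single long-lived connection."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


def is_64bit_block(token):
    """True if a cipher-string token positively selects DES or 3DES.
    Exclusions such as !3DES or -DES are not weak selections."""
    if token.startswith(("!", "-")):
        return False
    return "DES" in token.lstrip("+").upper()


def find_weak_ciphers(cipher_string):
    """Return the tokens of an OpenSSL cipher string that enable DES/3DES."""
    return [t for t in cipher_string.split(":") if t and is_64bit_block(t)]


def harden(cipher_string):
    """Drop DES/3DES tokens and append explicit exclusions.  The explicit
    !3DES:!DES matters because keyword classes move between OpenSSL releases
    (3DES sat in HIGH before OpenSSL 1.1.0), and a package update does not
    rewrite a hand-edited cipher string."""
    kept = [t for t in cipher_string.split(":") if t and not is_64bit_block(t)]
    for exclusion in ("!3DES", "!DES"):
        if exclusion not in kept:
            kept.append(exclusion)
    return ":".join(kept)


def parse_directive(line):
    """(directive, cipher_string) for an Apache/Nginx cipher line, else None."""
    m = DIRECTIVE_RE.match(line)
    return (m.group(1), m.group(2)) if m else None


def render_directive(directive, cipher_string):
    """Write the directive back in the syntax of the server it came from."""
    if directive == "SSLCipherSuite":
        return f'SSLCipherSuite "{cipher_string}"'
    return f"ssl_ciphers {cipher_string};"


def audit_config(lines):
    """Scan config lines; report each cipher directive that still enables a
    64-bit block cipher, together with the hardened replacement line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        parsed = parse_directive(line)
        if parsed is None:
            continue
        directive, ciphers = parsed
        weak = find_weak_ciphers(ciphers)
        if weak:
            findings.append({
                "line": number,
                "directive": directive,
                "weak": weak,
                "fixed": render_directive(directive, harden(ciphers)),
            })
    return findings


# Constructed sample configuration: one Apache and two Nginx directives.
SAMPLE_CONFIG = [
    "# Apache (constructed)",
    'SSLCipherSuite "HIGH:!aNULL:!MD5:DES-CBC3-SHA"',
    "# Nginx (constructed)",
    "ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:EDH-RSA-DES-CBC3-SHA:!aNULL;",
    "ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:!3DES:!DES;",
]

if __name__ == "__main__":
    print(f"birthday bound for 64-bit blocks: {sweet32_collision_bytes() // 2**30} GiB")
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['directive']} enables {f['weak']}")
        print(f"    replace with: {f['fixed']}")
```

The first sample line shows why the explicit `!3DES:!DES` is appended even after the named 3DES suite is removed: a keyword class like `HIGH` can still pull 3DES back in on older OpenSSL builds, and, as point 1 above notes, a package update does not rewrite a hand-edited cipher string. The 32 GiB birthday bound is also the reason point 3 helps when the ciphers cannot be removed: capping requests per session and the keep-alive timeout keeps any single connection far below the volume the attack needs.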

