SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

medium Nessus Plugin ID 94437

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 4.4

Synopsis

The remote service supports the use of 64-bit block ciphers.

Description

The remote host supports the use of a block cipher with 64-bit blocks in one or more cipher suites. It is, therefore, affected by a vulnerability, known as SWEET32, due to the use of weak 64-bit block ciphers. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.

Proof-of-concepts have shown that attackers can recover authentication cookies from an HTTPS session in as little as 30 hours.

Note that the ability to send a large number of requests over the same TLS connection between the client and server is an important requirement for carrying out this attack. If the number of requests allowed for a single connection were limited, this would mitigate the vulnerability. This plugin requires report paranoia as Nessus has not checked for such a mitigation.

Solution

Reconfigure the affected application, if possible, to avoid use of all 64-bit block ciphers. Alternatively, place limitations on the number of requests that are allowed to be processed over the same TLS connection to mitigate this vulnerability.

See Also

https://sweet32.info

https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Plugin Details

Severity: Medium

ID: 94437

File Name: ssl_64bitblock_supported_ciphers.nasl

Version: 1.12

Type: remote

Family: General

Published: 11/1/2016

Updated: 2/3/2021

Dependencies: ssl_supported_ciphers.nasl

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

VPR Score: 4.4

CVSS Score Source: CVE-2016-2183

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/24/2016

Reference Information

CVE: CVE-2016-2183, CVE-2016-6329

BID: 92630, 92631