TLS Triple-DES Key Exchange Detection (Sweet32) (deprecated)

low Nessus Network Monitor Plugin ID 7223

Synopsis

The remote host is configured to allow weak Triple-DES encryption.

Description

The remote host is running the TLS protocol and allows Triple-DES key exchanges during session setup. Ciphers that use 3DES are prone to birthday attacks, where an attacker who is able to cause enough cryptographic collisions can recover a stored session cookie or other sensitive information through the use of malicious JavaScript.
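A passive check of the kind described above can be sketched as follows. This is an added example, not the plugin's own code: the function names and the constructed sample record are assumptions, the suite table lists common 3DES code points from the IANA registry rather than all of them, and the parser assumes the ServerHello is the first handshake message in a single unfragmented record.

```python
# Common 3DES cipher suite code points (IANA TLS registry); not exhaustive.
TRIPLE_DES_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x000D: "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0010: "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    0xC003: "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC00D: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC017: "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
}

def server_hello_suite(record: bytes):
    """Return the cipher suite code selected in a TLS ServerHello record, or None."""
    if len(record) < 5 or record[0] != 0x16:        # 0x16 = handshake record
        return None
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:            # 0x02 = ServerHello
        return None
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:                             # version(2) + random(32) + sid_len(1)
        return None
    off = 35 + hello[34]                            # skip the variable-length session ID
    if len(hello) < off + 2:                        # truncated capture
        return None
    return int.from_bytes(hello[off:off + 2], "big")

def flag_3des(record: bytes):
    """Return the 3DES suite name if the server selected one, else None."""
    return TRIPLE_DES_SUITES.get(server_hello_suite(record))

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample input: minimal TLS 1.2 ServerHello record, no extensions."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += suite.to_bytes(2, "big") + b"\x00"     # chosen suite + null compression
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(flag_3des(build_server_hello(0xC012)))    # 3DES suite selected
    print(flag_3des(build_server_hello(0xC02F)))    # AES-GCM suite, not flagged
```

A flagged ServerHello means the server actually selected 3DES for that session; a server that merely supports 3DES but prefers a stronger suite will only show up when a client offers nothing better.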

Solution

Configure the device to only allow strong encryption.

See Also

https://sweet32.info

http://www.nessus.org/u?8891df96

http://www.nessus.org/u?dcd90dc3

Plugin Details

Severity: Low

ID: 7223

Version: 1.0

Family: Generic

Published: 8/24/2016

Updated: 8/16/2018

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.5

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

Patch Publication Date: 8/24/2016

Vulnerability Publication Date: 8/24/2016