icon

We found results for “

CVE-2016-2183

Date: August 31, 2016

Overview

DES and Triple DES are 64-bit block ciphers that are commonly used in popular cryptographic protocols such as SSH, TLS, OpenVPN, and IPsec. This vulnerability, also known as the Sweet32 Birthday attack, takes advantage of the design weaknesses in these ciphers to allow an attacker to carry out a man-in-the-middle attack and harvest sensitive information.

Details

DES and Triple DES algorithms are routinely used to encrypt traffic between clients and servers. However, because they use a short block size of 64-bits, this makes them vulnerable to birthday attacks. The Sweet32 Birthday attack exploits this vulnerability by allowing an attacker to retrieve plaintext data against a long-lasting encryption session. To conduct this attack, an intruder would monitor a victim’s traffic and run JavaScript on the victim’s web browser. This way, they can send enough traffic to produce a collision or a similar ciphertext. Consequently, they can use the information to retrieve something like HTTP session cookies sent over OpenVPN-encrypted or TLS-encrypted channels. With such a technique, it’s possible to retrieve and decrypt sensitive data in one to two days. Block ciphers in certain modes, such as CBC mode, are able to encrypt only a limited number of plaintext blocks. Beyond which, they are likely to generate a collision. In the case of 64-bit blocks, this limit is about 32 GB of data, which can easily be realized in practice. An attacker can use malicious JavaScript to send large volumes of data from a victim’s browser to a vulnerable server and produce sufficient traffic to cause a collision, which makes it easy to retrieve sensitive information.

Affected Environments

All versions of SSL/TLS protocols that support DES and Three DES cipher suites are vulnerable to CVE-2016-2183.

Remediation

If you must use DES or Triple DES, you should keep to a threshold of 32 GB. This should apply for all data sent or received using the same symmetric key. Disable or remove deprecated DES and Triple DES algorithms from your servers. If you have an old server that only supports legacy ciphers, you should upgrade to a better one. Using more secure encryption methods, such as AES, could also save you from this vulnerability.

Prevention

Phase out weak ciphers, such as DES and Triple DES, from your IT environments. Keep all server software updated.

Language: C

Good to know:

icon

Information Leak / Disclosure

CWE-200
icon

Upgrade Version

Upgrade to version 1.0.2i,1.0.1u

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Additional information:

Related Resources (140)