Which TLS/SSL Vulnerabilities should I be worried about?
Note: This blog article is currently a living document and will be added to on an ongoing basis.
If you put anything on the internet, or host anything internally which provides personal or sensitive information, you should ensure that your security is set up correctly and that any old or legacy security features are disabled to help reduce your area of risk. In fact, this should be the case no matter what you are doing, as cyber best practice. However, one of the areas that I always see on penetration tests, vulnerability assessments and Cyber Essentials Plus audits is weak or insecure TLS/SSL configurations; whether this is vulnerabilities, weak ciphers or weak hashes, it comes down to ensuring these are addressed as soon as possible.
This blog post aims to help you read up on these vulnerabilities and address them without having to search the internet for information.
There are many ways to check whether you have weak or insecure SSL ciphers in place; some of the popular tools to check for these are:
- https://www.ssllabs.com/ssltest/
- https://github.com/rbsec/sslscan
- https://www.openvas.org/
- https://www.tenable.com/products/nessus
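The tools above produce a list of enabled protocol versions and accepted cipher suites; the hard part is mapping each line back to the weakness it exposes. The script below is an added example, not part of the original post or of any of the tools listed. It parses a constructed report excerpt (loosely modelled on the layout of sslscan's output, not a real scan of any host) and tags each enabled protocol, cipher suite or DH group with the attack from this post that it relates to. The line formats, the 2048-bit DH threshold and the attack labels are this example's own assumptions.

```python
"""Classify a TLS scan report against the weaknesses covered in this post.

Added example (not from the original post). The REPORT text below is a
constructed excerpt loosely modelled on the layout of sslscan's output; it
is not a real scan of any host, and the parsing only covers the line shapes
shown here.
"""
import re

# Constructed sample report, not real scan output.
REPORT = """\
  SSL/TLS Protocols:
SSLv2     enabled
SSLv3     enabled
TLSv1.0   enabled
TLSv1.1   disabled
TLSv1.2   enabled

  TLS Compression:
Compression enabled (CRIME)

  Heartbleed:
TLSv1.2 vulnerable to heartbleed

  Supported Server Cipher(s):
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384  Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA           DHE 1024 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Accepted  TLSv1.0  128 bits  RC4-SHA
Accepted  TLSv1.0  40 bits   EXP-RC2-CBC-MD5
Accepted  TLSv1.2  0 bits    NULL-SHA
"""

# Enabled protocol versions and the attack each one exposes.
PROTOCOL_RULES = {
    "SSLv2": "DROWN (SSLv2 enabled)",
    "SSLv3": "POODLE (SSLv3 enabled)",
    "TLSv1.0": "BEAST (TLS 1.0 with CBC cipher suites)",
}

# Cipher-suite name patterns and the weakness each one indicates.
CIPHER_RULES = [
    (re.compile(r"^EXP"), "FREAK (export-grade suite, CVE-2015-0204)"),
    (re.compile(r"RC4"), "Bar Mitzvah / RC4 weakness (CVE-2015-2808)"),
    (re.compile(r"RC2"), "RC2 (obsolete cipher)"),
    (re.compile(r"DES-CBC3|3DES"), "Sweet32 (64-bit block cipher, 3DES)"),
    (re.compile(r"(^|-)DES-CBC-"), "DES (56-bit key)"),
    (re.compile(r"NULL"), "NULL cipher (no encryption)"),
    (re.compile(r"MD5"), "MD5 MAC (broken hash)"),
]

# weakdh.org recommends at least 2048-bit DH groups; anything below is flagged.
MIN_DH_BITS = 2048

PROTO_LINE = re.compile(r"^(SSLv2|SSLv3|TLSv1\.[0-3])\s+(enabled|disabled)$")
CIPHER_LINE = re.compile(r"^Accepted\s+(\S+)\s+(\d+) bits\s+(\S+)(.*)$")
DH_BITS = re.compile(r"DHE (\d+) bits")


def audit(report):
    """Return a list of (subject, finding) tuples for every weakness seen."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROTO_LINE.match(line)
        if m:
            proto, state = m.groups()
            if state == "enabled" and proto in PROTOCOL_RULES:
                findings.append((proto, PROTOCOL_RULES[proto]))
            continue
        if line.startswith("Compression enabled"):
            findings.append(("Compression", "CRIME (TLS compression enabled)"))
            continue
        if "vulnerable to heartbleed" in line and "not vulnerable" not in line:
            findings.append((line.split()[0], "Heartbleed (CVE-2014-0160)"))
            continue
        m = CIPHER_LINE.match(line)
        if m:
            _proto, _bits, name, extra = m.groups()
            for pattern, label in CIPHER_RULES:
                if pattern.search(name):
                    findings.append((name, label))
            dh = DH_BITS.search(extra)
            if dh and int(dh.group(1)) < MIN_DH_BITS:
                findings.append((name, "Logjam (DH group only %s bits, CVE-2015-4000)" % dh.group(1)))
    return findings


def by_attack(findings):
    """Group findings so each attack lists the protocol/suite that triggers it."""
    grouped = {}
    for subject, label in findings:
        grouped.setdefault(label.split(" (")[0], []).append(subject)
    return grouped


if __name__ == "__main__":
    for attack, subjects in by_attack(audit(REPORT)).items():
        print("%-28s %s" % (attack, ", ".join(subjects)))
```

Run it as-is to see the constructed report classified; to use it on your own output, replace REPORT with the saved text of a scan and extend the regexes if your tool prints lines in a different shape. Note that a single suite can carry several findings (EXP-RC2-CBC-MD5 is flagged for FREAK, RC2 and MD5), which is the usual reason such a suite should go rather than be "fixed".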
Vulnerabilities
Bar Mitzvah
The Bar Mitzvah attack, which was assigned CVE-2015-2808, targets the SSL/TLS protocols by exploiting the use of the RC4 cipher with weak keys for that cipher. RC4 has been around for a long time and is no longer recommended for use in any environment due to its insecurities.
More information:
- https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
- https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/
- https://support.microsoft.com/en-us/help/2868725/microsoft-security-advisory-update-for-disabling-rc4
- https://superuser.com/questions/866738/disabling-rc4-in-the-ssl-cipher-suite-of-an-apache-server
Beast
More information:
- https://www.netsparker.com/blog/web-security/how-the-beast-attack-works/
Breach
More information:
- https://blog.qualys.com/ssllabs/2013/08/07/defending-against-the-breach-attack
Crime
More information:
- https://blog.qualys.com/ssllabs/2012/09/14/crime-information-leakage-attack-against-ssltls
- https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786446(v=ws.11)
Drown
More information:
- https://drownattack.com/
- https://www.softwaresecured.com/how-to-confirm-whether-you-are-vulnerable-to-the-drown-attack/
- https://www.globalsign.com/en/blog/drown-attack-sslv2
Freak
More information:
- https://www.digicert.com/blog/freak-attack-need-know/
- https://geekflare.com/test-freak-attack-cve-2015-0204-and-fix/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031
Heartbleed
More information:
- https://heartbleed.com/
- https://geekflare.com/how-to-test-heart-bleed-ssl-vulnerabilities-cve-2014-0160/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-066
- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability/
- https://www.toptal.com/freelance/the-heartbleed-openssl-bug-what-you-need-to-know
Logjam
More information:
- https://weakdh.org/
- https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-055
- https://geekflare.com/test-logjam-attack-cve-2015-4000-and-fix/
Poodle
More information:
- https://us-cert.cisa.gov/ncas/alerts/TA14-290A
- https://medium.com/@c0D3M/poodle-attack-explained-ed6a1cd0667d
- https://support.microsoft.com/en-gb/help/3127484/update-rollup-for-poodle-attack-against-tls-security-vulnerability-in
- https://access.redhat.com/solutions/1232413
Sweet32
More information:
- https://sweet32.info/
- https://blog.securityevaluators.com/what-is-sweet32-4a62dca90296
- https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1
- https://access.redhat.com/articles/2548661
Cipher Suites
RC4
The RC4 cipher has been around for a long time; it has been around since the dawn of the internet. It was invented by Ron Rivest and was widely adopted, and still is to this day. However, it has been more than 15 years since security researchers discovered security weaknesses within the RC4 cipher, weaknesses which could allow attackers to decrypt the keystream. This could and can cause issues with protecting data, and RC4 should be disabled/removed from systems as soon as possible.
More information:
- https://support.microsoft.com/en-us/help/3151631/rc4-cipher-is-no-longer-supported-in-internet-explorer-11-or-microsoft
- https://support.microsoft.com/en-us/help/2868725/microsoft-security-advisory-update-for-disabling-rc4
- https://superuser.com/questions/866738/disabling-rc4-in-the-ssl-cipher-suite-of-an-apache-server
- https://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628/
RC2
RC2 is an old cipher which was originally designed to be a replacement for DES; however, it is extremely insecure and contains many security weaknesses. This cipher is not around as much these days. It is a symmetric key block cipher which was designed by Ron Rivest in 1987.
More information:
- https://tools.ietf.org/html/rfc2268
- https://link.springer.com/content/pdf/10.1007/3-540-69710-1_14.pdf
3DES
The Triple DES (3DES) cipher is a symmetric-key block cipher which applies the DES cipher three times: encrypting with the first key, decrypting with the second key and encrypting with the third key.
3DES is no longer recommended following a security analysis and demonstration in 2017 showing attacks against 3DES in real-world examples; in 2017 NIST restricted its usage to 2^20 64-bit blocks under a single key bundle, thereby making it useless for TLS and IPsec or large-file encryption.
More information:
- https://www.cryptomathic.com/news-events/blog/3des-is-officially-being-retired
- https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
DES
The Data Encryption Standard (DES) cipher was developed in the early 1970s by IBM. It has a short key length, 56 bits, making it too insecure in today's world to secure anything.
More information:
- https://en.wikipedia.org/wiki/Data_Encryption_Standard
- http://page.math.tu-berlin.de/~kant/teaching/hess/krypto-ws2006/des.htm
- https://medium.com/@ahsanbarkati/the-des-data-encryption-standard-16466b45c30d
NULL
The NULL cipher is a really old cipher which can also be known as a concealment cipher. It is a cipher which conceals plaintext content within a large amount of non-cipher related material. In a TLS context, a NULL cipher suite (one with NULL in its name, such as NULL-SHA) provides no encryption at all: records are authenticated but sent in cleartext, so these suites must be disabled.
More information:
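Everything in this Cipher Suites section comes down to the same remediation: raise the minimum protocol version and remove the legacy suites from the server or client configuration. The code below is an added example, not from the original post, showing that baseline applied to a Python ssl.SSLContext; the cipher string and the TLS 1.2 floor are this example's suggested settings rather than values the post prescribes, and each line notes which weakness from the post it removes.

```python
"""Build a hardened TLS client context with Python's standard ssl module.

Added example (not from the original post). The cipher string and minimum
version are this example's suggested baseline, not settings taken from the
post; each line notes the weakness from the post that it removes.
"""
import re
import ssl

# Algorithms that must not appear in any enabled cipher-suite name.
WEAK_TOKENS = re.compile(r"RC4|RC2|DES|NULL|EXP|MD5")

# Forward-secret AEAD suites only; the "!" entries explicitly exclude
# anonymous/NULL, RC4, 3DES and MD5 even if OpenSSL's defaults ever change.
HARDENED_CIPHERS = (
    "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:"
    "!aNULL:!eNULL:!RC4:!3DES:!MD5"
)


def hardened_context():
    """Return an SSLContext with the legacy protocol and cipher options removed."""
    ctx = ssl.create_default_context()  # certificate and hostname verification on
    # No SSLv2/SSLv3 (DROWN, POODLE) and no TLS 1.0/1.1 (BEAST-era CBC handling).
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # CRIME needs TLS-level compression; make sure it stays off.
    ctx.options |= ssl.OP_NO_COMPRESSION
    # Drops RC4 (Bar Mitzvah), 3DES (Sweet32), NULL and MD5-based suites.
    ctx.set_ciphers(HARDENED_CIPHERS)
    return ctx


def weak_suites(ctx):
    """Names of enabled cipher suites that still contain a weak algorithm."""
    return [c["name"] for c in ctx.get_ciphers() if WEAK_TOKENS.search(c["name"])]


def minimum_version_name(ctx):
    """Human-readable minimum protocol version, e.g. 'TLSv1_2'."""
    return ctx.minimum_version.name


def compression_disabled(ctx):
    """True when the CRIME-relevant TLS compression option is switched off."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


if __name__ == "__main__":
    ctx = hardened_context()
    print("minimum version:", minimum_version_name(ctx))
    print("compression disabled:", compression_disabled(ctx))
    print("enabled suites:", [c["name"] for c in ctx.get_ciphers()])
    print("weak suites remaining:", weak_suites(ctx))
```

The same baseline maps directly onto web-server configuration: on Apache it is the SSLProtocol, SSLCipherSuite and SSLCompression directives (with SSLHonorCipherOrder so the server's preference wins), and on Windows it is the SCHANNEL registry settings referenced in the Microsoft links above. Whatever the platform, re-run one of the scanners from the top of this post afterwards to confirm that no RC4, 3DES, DES, RC2 or NULL suite and no SSLv2/SSLv3 listener survived the change.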
Hashing
SHA1
SHA1 has been flagged by all the major companies as a weak and insecure hashing algorithm; due to this, it was decided that it should no longer be used for anything.
More information: