Which TLS/SSL Vulnerabilities should I be worried about?

Note: This blog article is currently a living document and will be added to on an ongoing basis.

If you put anything on the internet, or host anything internally which provides personal or sensitive information you should ensure that your security is setup correctly and that any old or legacy security features are disabled to help reduce your area of risk. In fact, this should be case no matter what you are doing as cyber best practice. However, one of the areas that I always see on penetration tests, vulnerability assessments and Cyber Essentials Plus audits are weak or insecure TLS/SSL configurations, whether this is vulneabilities, weak ciphers or hashes, it comes down to ensuring these are addresses as soon as possible.

This blog post aims to help you read up on these vulnerabiliites and help you address them without having to search the internet for information.

There are many ways to check to see if you have week or insecure SSL ciphers in place, some of the popular tools to check for these are:

• https://www.ssllabs.com/ssltest/
• https://github.com/rbsec/sslscan
• https://www.openvas.org/
• https://www.tenable.com/products/nessus

Vulnerabilities

Bar Mitzvah

The bar mitzvah attack, which was assigned CVE-2015-2808, is an attack which targets the SSL/TLS protocols and attempts to exploit the use of the RC4 cipher with weak keys for that cipher. RC4 ciphers have been around for a long time and are no longer recommended to be used within any environment due to their insecurities.

More information:

• https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
• https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/
• https://support.microsoft.com/en-us/help/2868725/microsoft-security-advisory-update-for-disabling-rc4
• https://superuser.com/questions/866738/disabling-rc4-in-the-ssl-cipher-suite-of-an-apache-server

Beast

More information:

• https://www.netsparker.com/blog/web-security/how-the-beast-attack-works/
• https://blog.qualys.com/ssllabs/2013/08/07/defending-against-the-breach-attack

Breach

More information:

• http://breachattack.com/

Crime

More information:

• https://blog.qualys.com/ssllabs/2012/09/14/crime-information-leakage-attack-against-ssltls
• https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786446(v=ws.11)

Drown

More information:

• https://drownattack.com/
• https://www.softwaresecured.com/how-to-confirm-whether-you-are-vulnerable-to-the-drown-attack/
• https://www.globalsign.com/en/blog/drown-attack-sslv2

Freak

More information:

• https://www.digicert.com/blog/freak-attack-need-know/
• https://geekflare.com/test-freak-attack-cve-2015-0204-and-fix/
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031

Heartbleed

More information:

• https://heartbleed.com/
• https://geekflare.com/how-to-test-heart-bleed-ssl-vulnerabilities-cve-2014-0160/
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-066
• https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability/
• https://www.toptal.com/freelance/the-heartbleed-openssl-bug-what-you-need-to-know

Logjam

More information:

• https://weakdh.org/
• https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-055
• https://geekflare.com/test-logjam-attack-cve-2015-4000-and-fix/

Poodle

More information:

• https://us-cert.cisa.gov/ncas/alerts/TA14-290A
• https://medium.com/@c0D3M/poodle-attack-explained-ed6a1cd0667d
• https://support.microsoft.com/en-gb/help/3127484/update-rollup-for-poodle-attack-against-tls-security-vulnerability-in
• https://access.redhat.com/solutions/1232413

Sweet32

More information:

• https://sweet32.info/
• https://blog.securityevaluators.com/what-is-sweet32-4a62dca90296
• https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1
• https://access.redhat.com/articles/2548661

Cipher Suites

RC4

The RC4 cipher has been around for a long time, its been around say the dawn of the internet. It was invented by Ron Rivest and it was widely adopted and still is to this day. However, its been more than 15 years since security researches discovered security weaknesses within the RC4 cipher, weaknesses which could allow attackers to decrypt the keystream. This could and can causes issues with protecting data and should be disabled/removed from systems as soon as possible.

More information:

• https://support.microsoft.com/en-us/help/3151631/rc4-cipher-is-no-longer-supported-in-internet-explorer-11-or-microsoft
• https://support.microsoft.com/en-us/help/2868725/microsoft-security-advisory-update-for-disabling-rc4
• https://superuser.com/questions/866738/disabling-rc4-in-the-ssl-cipher-suite-of-an-apache-server
• https://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628/

RC2

RC2 is an old cipher and was origionally designed to be a replacement for DES, however it is extremetly insecure and contains many security weaknesses. This cipher is not around as much these days. It is a symmetric key block cipher which was designed by Ron Rivest in 1987.

More information:

• https://tools.ietf.org/html/rfc2268
• https://link.springer.com/content/pdf/10.1007/3-540-69710-1_14.pdf

3DES

The Triple DES (3DES) cipher is a symmetric key-block cipher which applies the DES cipher three times by encrypting the first key, decrypting with the second key and encrypting with the third key.

It is recommended that 3DES is no longer needed following a security analysis and demonstration showing attacks against 3DES in real-world examples in 2017, in 2017 NIST restricted the usage to 220 64-bit blocks using a single key bundle, thereby making is useless for TLS and IPSec or large file encryptions.

More information:

• https://www.cryptomathic.com/news-events/blog/3des-is-officially-being-retired
• https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA

DES

The Data Encryption Standard (DES) cipher was developed in the early 1970’s by IBM. It contains a short key length, 56 bits, making it too insecure in todays world to secure anything.

More information:

• https://en.wikipedia.org/wiki/Data_Encryption_Standard
• http://page.math.tu-berlin.de/~kant/teaching/hess/krypto-ws2006/des.htm
• https://medium.com/@ahsanbarkati/the-des-data-encryption-standard-16466b45c30d

NULL

The NULL cipher is a really old cipher which can also be known as a concealment cipher.  It is a cipher which encrypts plaintext content with a large amount of non-cipher related material.

More information:

• https://medium.com/infosec-adventures/the-null-cipher-4ca2dd2ff9ef

Hashing

SHA1

SHA1 has been flagged by all the major companies that this hashing algorithm is weak and insecure, due to this, it was decided that it should no longer be used for anything.

More information:

• https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
• https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know