
Incident Report 06032101 - Vulnerability Analysis

SUMMARY OF REPORT

On June 3rd, 2021, two security vulnerabilities were identified by a customer:

| ID | Identified Vulnerability |
|---|---|
| VUL-01 | Support for SSL 64-bit block encryption (SWEET32) |
| VUL-02 | TLS Version 1.0 Protocol Discovery |

FINDINGS

The following resources fell within the scope of impact of the identified security vulnerabilities.

  • Production nodes in the US region were affected by the identified vulnerabilities.
  • Recommended actions had no operational impact on any server.
  • Disabling support for weaker algorithms and protocols would eliminate both the SSL 64-bit block encryption (SWEET32) and the TLS v1.0 discovery vulnerabilities.

USED TOOLS

For the execution of this project, the most up-to-date versions of the following tools and components associated with them were used:

| Tool | Description |
|---|---|
| NMAP | A free, open source tool for vulnerability scanning and network detection. |

LINE OF ACTION AND ASSOCIATED TIMELINES

The following table outlines actions performed and their schedule to remediate security issues and vulnerabilities.

| ID | Identified Vulnerability | Identification Date | Incident Resolution Date (Start to End) |
|---|---|---|---|
| VUL-01 | Support for SSL 64-bit block encryption (SWEET32) | June 03 2021 | June 05 2021 - June 20 2021 |
| VUL-02 | TLS Version 1.0 Protocol Discovery | June 03 2021 | June 05 2021 - June 20 2021 |

REMEDIATION PROCEDURE

The actions performed to remove the security vulnerabilities are detailed below.

Vulnerability Identification: VUL-01 - Support for SSL 64-bit block encryption (SWEET32)
Description of Vulnerability: The service supports the use of 64-bit block ciphers.
Remediation Action: Reconfigured the affected nodes to disable support for outdated 64-bit block ciphers. See Reference

Vulnerability Identification: VUL-02 - TLS Version 1.0 Protocol Discovery
Description of Vulnerability: The remote service has an older version of TLS enabled.
Remediation Action: Enabled TLS 1.2 and disabled support for TLS 1.0 protocol. See Reference

DETAIL OF VULNERABILITIES

This section provides complete detail of vulnerabilities identified during the assessment procedure.

Vulnerability ID: VUL-01 - Support for SSL 64-bit block encryption (SWEET32)
Description of Vulnerability: The service supports the use of 64-bit block ciphers.
Organizational Risk: The remote host supports block ciphers with 64-bit blocks in one or more cipher suites. It is therefore affected by the vulnerability known as SWEET32, which stems from the use of weak 64-bit block ciphers. An intermediary (man-in-the-middle) attacker with sufficient resources can exploit this vulnerability through a 'birthday attack'.

Vulnerability ID: VUL-02 - TLS Version 1.0 Protocol Discovery
Description of Vulnerability: The remote service has an older version of TLS enabled.
Organizational Risk: The remote service accepts encrypted connections using TLS 1.0. TLS 1.0 has several cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS such as 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
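
One way to confirm that the remediation took effect is to re-scan each node and check the result against both findings. The following is an added example, not part of the original report: it assumes the scan is run with Nmap's `ssl-enum-ciphers` script (`nmap --script ssl-enum-ciphers -p 443 <host>`), which the report does not specify, and the function name `audit` and both sample outputs are constructed for illustration.

```python
import re

# 64-bit block ciphers as they appear in TLS cipher-suite names (SWEET32 class).
BLOCK64 = re.compile(r"_(3DES|DES|DES40|IDEA|RC2)_")
PROTO = re.compile(r"^\|[ _]+(SSLv\d|TLSv\d\.\d):\s*$")
SUITE = re.compile(r"^\|[ _]+((?:TLS|SSL)_\S+)\s")

def audit(nmap_output):
    """Map ssl-enum-ciphers text to the report's IDs: VUL-01 and VUL-02."""
    findings = {"VUL-01": [], "VUL-02": False}
    proto = None
    for line in nmap_output.splitlines():
        if not line.startswith("|"):
            proto = None              # left the script block (new port or host)
            continue
        m = PROTO.match(line)
        if m:
            proto = m.group(1)        # a protocol is listed only if it was accepted
            findings["VUL-02"] |= proto == "TLSv1.0"
            continue
        m = SUITE.match(line)
        if m and proto and BLOCK64.search(m.group(1)):
            findings["VUL-01"].append((proto, m.group(1)))
    return findings

# Constructed sample output (not from the report): a node before and after the fix.
BEFORE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|_  least strength: C
"""
AFTER = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
"""

print("before:", audit(BEFORE), "after:", audit(AFTER))
```

A node is clean for both findings only when `VUL-01` is an empty list and `VUL-02` is `False`; note that a 64-bit block cipher offered under TLS 1.2 still counts against VUL-01.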