CVE-2016-2183: SWEET32 TLS/SSL Birthday attacks on 3DES ciphers

SUMMARY

How to resolve the SWEET32 3DES cipher vulnerability.

CVE ID

CVE-2016-2183

DESCRIPTION

A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.

OpenSSL security update openssl-1.0.1e-48.el6_8.3 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string.

RESOLUTION

Unitrends Risk Assessment: None with latest security update

For CentOS6, resolved in latest Unitrends security update via openssl-1.0.1e-48.el6_8.3 and removing 3DES ciphers.
For CentOS5, will not fix.  Need to migrate to CentOS6.

LINK TO ADVISORIES

    NOTES

    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183
    https://access.redhat.com/security/cve/cve-2016-2183
    https://rhn.redhat.com/errata/RHSA-2016-1940.html
     

    Was this article helpful?
    0 out of 0 found this helpful
    Have more questions? Contact us