Identified Weak Ciphers
Please see my recent scan and the evidence of weak ciphers below; please remove them from the EAP660 HD:
Summary
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services.
Detection Result
'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
Insight
These rules are applied for the evaluation of the vulnerable cipher suites:
- 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).
Detection Method
Version used: 2021-09-20T09:01:50Z
Affected Software/OS
Services accepting vulnerable SSL/TLS cipher suites via HTTPS.
Solution
Solution Type: Mitigation
The configuration of this service should be changed so that it does not accept the listed cipher suites anymore. Please see the references for more resources supporting you with this task.