FIRST
Status
Fail (This must be resolved for your device to be compliant).
Plugin
"OpenSSL 'ChangeCipherSpec' MiTM Vulnerability"
Category
"Misc. "
Priority
"Medium Priority
Synopsis
The remote host is affected by a vulnerability that could allow sensitive data to be decrypted.
Description
The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake.
This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.
See also:
www.nessus.org/u
www.imperialviolet.org/.../earlyccs.html
www.openssl.org/.../secadv_20140605.txt
Risk factor
MEDIUM / CVSS BASE SCORE :5.8 CVSS2#AV:N/AC:M/Au:N/C[[[:P]]]/I[[[:P]]]/A:N
Plugin
output
The remote service accepted an SSL ChangeCipherSpec message at an incorrect point in the handshake
leading to weak keys being used, and then attempted to decrypt an SSL record using those weak keys.
Addition Information
CVE:
CVE-2010-5298
CVE-2014-0076
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
BID : 66363, 66801, 67193, 67898, 67899, 67900, 67901 Other references : OSVDB:104810, OSVDB:105763, OSVDB:106531, OSVDB:107729, OSVDB:107730, OSVDB:107731, OSVDB:107732, CERT:978508
Solution
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
SECOND
Status
Fail (This must be resolved for your device to be compliant).
Plugin
"SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability"
Category
"General "
Priority
"Medium Priority
Synopsis
It may be possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.
Description
A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system.
TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
This script tries to establish an SSL/TLS remote connection using an affected SSL version and cipher suite, and then solicits return data.
If returned application data is not fragmented with an empty or one-byte record, it is likely vulnerable.
OpenSSL uses empty fragments as a countermeasure unless the 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is initialized.
Microsoft implemented one-byte fragments as a countermeasure, and the setting can be controlled via the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHAN
NEL\SendExtraRecord.
Therefore, if multiple applications use the same SSL/TLS implementation, some may be vulnerable while others may not, depending on whether or not a countermeasure has been enabled.
Note that this script detects the vulnerability in the SSLv3/TLSv1 protocol implemented in the server. It does not detect the BEAST attack where it exploits the vulnerability at HTTPS client-side (i.e., Internet browser). The detection at server-side does not necessarily mean your server is vulnerable to the BEAST attack because the attack exploits the vulnerability at client-side, and both SSL/TLS clients and servers can independently employ the split record countermeasure.
See also:
www.openssl.org/.../tls-cbc.txt
vnhacker.blogspot.com/.../beast.html
technet.microsoft.com/.../ms12-006
support.microsoft.com/.../2643584
blogs.msdn.com/.../fixing-the-
Risk factor
CVE-2011-3389 - Medium / CVSS BASE SCORE :4.3 CVSS2#(AV:N/AC:M/Au:N/C[[[:P]]]/I:N/A:N)
Plugin
output
Negotiated cipher suite: DHE-RSA-AES256-SHA|TLSv1|Kx=DH|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1
Addition Information
CVE:
CVE-2011-3389
BID : 49778 Other references : OSVDB:74829, MSFT:MS12-006, IAVB:2012-B-0006
Solution
Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
Configure SSL/TLS servers to only support cipher suites that do not use block ciphers. Apply patches if available.
Note that additional configuration may be required after the installation of the MS12-006 security update in order to enable the split-record countermeasure. See Microsoft KB2643584 for details.
Any help of how to address this would be greatly appreciated.
This thread was automatically locked due to age.
