< Alle Emner
Print

Sweet32 (CVE-2016-2183)

Summary

The goal of this article is to give a brief, specific and precise overview of the Sweet32 cryptographic vulnerability. It will go into further detail with subjects such as how to verify the presence of the vulnerability, how to mitigate it and what to be aware of when applying a fix for it – with a focus on Windows systems.

 

Vulnerability Details

The Sweet32 vulnerability targeted 64-bit block ciphers, particularly the 3DES algorithm, used in the TLS and SSL protocols. It took advantage of the collision of data encrypted with the same key and initialization vector (IV) in long-lived connections. This allowed an attacker, who could eavesdrop for longer periods of time on the network traffic, to eventually decrypt portions of the encrypted data.

 

Severity Rating

The severity of the Sweet32 vulnerability was considered moderate to high, depending on the specific use case and the presence of long-lived connections using 3DES. For systems heavily relying on 3DES for encryption, such as VPNs or certain web applications, the risk of exposure to sensitive information was significant.

 

How to Verify if a Device is Vulnerable?

To determine if a device is vulnerable to Sweet32, it is necessary to examine the cipher suites and encryption algorithms used in the TLS or SSL configuration. Specifically, check if 3DES cipher suites are enabled and actively used. Network scanning tools such as “Nmap”[1], “ZenMap”[2] or security assessment tools such as “IISCrypto” from Nartac Software[3] or Nessus can assist in identifying vulnerable systems.
The command for doing so with Nmap is as following: nmap -sV –script ssl-enum-ciphers -p 443 <IP>
If using Nessus vulnerability scanner, the plugin ID[4] for the Sweet32 vulnerability is: 42873
Scripts can also be used to verify and/or detect the presence of Sweet32 – you can read more about that in the “Scripts” section of this article.

[1] See link number 1 under “Links”

[2] See link number 2 under “Links”

[3] See link number 3 under “Links”

[4] https://www.tenable.com/plugins/nessus/42873

 

What You Should Be Aware of if You Apply a Fix

If you apply a fix for the Sweet32 vulnerability, you should be aware that it may result in compatibility issues with older devices or software that rely solely on 3DES encryption such as older browsers, Operating Systems and just software in general. Before implementing the fix, ensure that all critical systems and applications can support alternative, more secure cipher suites like AES.

 

How to Fix

To mitigate the Sweet32 vulnerability, the recommended fix is to disable or deprecate 3DES cipher suites in the TLS or SSL configuration and use stronger encryption algorithms like AES instead. This involves modifying the configuration settings of the affected systems, such as web servers, VPN gateways, or other network devices. We suggest using “IIS Crypto” from Nartac Software in order to do it manually on one or a few Windows servers.

 

GPO

Group Policy Objects (GPOs) can be utilized to enforce the configuration changes across multiple Windows systems in an organization. By creating or modifying GPOs, administrators can centrally control and deploy the necessary changes to disable 3DES cipher suites and enforce the use of more secure encryption algorithms.

To create a GPO that enforces the configuration changes to disable 3DES cipher suites, follow these steps in an Active Directory environment:

  1. Open the Group Policy Management console and create a new Group Policy Object.
  2. Edit the Group Policy Object and navigate to the following section: Computer Configuration -> Policies -> Administrative Templates -> Network -> SSL Configuration Settings
  3. Enable the policy “SSL Cipher Suite Order” and configure the value to prioritize secure cipher suites like AES, excluding 3DES. An example configuration value could be: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  4. Apply the GPO to the relevant Organizational Units (OU) or groups of computers in the Active Directory domain.
  5. Perform a group policy update on the target computers to apply the changes immediately:
    • On the client machines, open a command prompt and run: gpupdate /forc ‘

These examples provide a starting point for GPO configurations to address the Sweet32 vulnerability. However, it’s essential to customize them according to your specific environment and security requirements. Test the changes thoroughly before deploying them to production systems, and always follow best practices for change management and testing procedures.

 

Scripts

Scripts can be employed to automate the process of disabling 3DES cipher suites and implementing the necessary configuration changes on multiple systems. Administrators can develop or utilize existing scripts in scripting languages like PowerShell or Bash to streamline the fix implementation across various devices or servers. There are plenty of pre-made scripts available on resources such as GitHub, that not only disables the specific cipher that is vulnerable to the Sweet32 attack, but also disables a plethora of other deprecated and insecure ciphers[1]. We have linked to some of those scripts in the “Links” section.
Here is an example of a PowerShell script that disable the specific 3DES Cipher Suites that are vulnerable to the Sweet32 attack:

$protocols = Get-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols”

$protocols | ForEach-Object {

    $protocolName = $_.PSChildName

    if ($_.Enabled -eq 1) {

        Write-Host “Disabling 3DES Cipher Suites for $protocolName”

        Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocolName\Client” -Name “Enabled” -Value 0

        Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocolName\Server” -Name “Enabled” -Value 0

    }

}

Write-Host “3DES Cipher Suites disabled successfully.”

 

[1] Special care must be taken when executing these “thorough” scripts on Windows Server 2016 and earlier.

 

Rollback

In the event that applying the fix causes unexpected issues or compatibility problems, it is crucial to have a rollback plan. This involves ensuring that backups or snapshots of the system’s configuration and state are available, allowing for a quick restoration to the previous working state if necessary.

 

Preventative Measures

To prevent the Sweet32 vulnerability or similar cryptographic issues, it is recommended to adopt the following measures:

  • Stay updated with the latest security patches and updates for your systems and software.
  • Regularly review and update the cipher suites and encryption algorithms used in your TLS/SSL configurations.
  • Employ strong, modern encryption algorithms like AES or ChaCha20.
  • Implement a regular vulnerability scanning and penetration testing program to identify and address any security weaknesses promptly.
  • Monitor network traffic and detect any suspicious or unauthorized activities. 

 

Links (for additional resources and references)

Software:

1: https://nmap.org/book/inst-windows.html

2: https://nmap.org/zenmap/

3: https://www.nartac.com/Products/IISCrypto

PowerShell script for disabling multiple insecure cryptographic ciphers:

https://gist.github.com/jbratu/6262684939e15e638892973f5f8eed78

Indholdsfortegnelse