Detecting Sweet32 vulnerability in a Web-Application

Introduction:

Protocols like TLS and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES (3DES) or Blowfish, to encrypt data between clients and servers. Ciphers such as Triple-DES and Blowfish use a block size of 64 bits, whereas AES uses a block size of 128 bits. Ciphers with such a short block size are vulnerable to birthday attacks (a birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory).

Triple-DES is the second most widely supported cipher (after AES): around 87% of HTTPS servers support it. Furthermore, all popular web browsers (Firefox, Chrome, Edge) support Triple-DES. The cipher that is actually negotiated for a TLS connection is chosen by the server, based on its local preference order and on the order in which the client advertises its cipher suites.

Sweet32 Detection

Detecting if the application is vulnerable:

Nmap script: nmap -p <port> --script ssl-enum-ciphers <host>

Host: The IP address or hostname of the server to test.

Port: The TLS port on that host to test (443 for HTTPS).

Output:

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Weak certificate signature: SHA1
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|_  least strength: C

In the above output, the 3DES cipher suites (the ones containing 3DES_EDE_CBC, rated C, and flagged by the warning "64-bit block cipher 3DES vulnerable to SWEET32 attack") are the vulnerable ones; the server offering them under both TLSv1.0 and TLSv1.2 shows that it is vulnerable to the Sweet32 attack.
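To turn that manual reading of the scan into a repeatable check, the following added example (not from the original post) parses ssl-enum-ciphers output and reports, per protocol version, every offered suite whose cipher has a 64-bit block; the scan text embedded in it is a constructed excerpt in nmap's output format, not a real scan.

```python
import re

# Constructed excerpt in the format of `nmap --script ssl-enum-ciphers` (not a real scan).
SAMPLE_OUTPUT = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|_  least strength: C
"""

# Cipher tokens in IANA suite names that denote a 64-bit block cipher:
# single DES (incl. export DES40), Triple-DES (3DES_EDE) and IDEA.
SIXTY_FOUR_BIT_BLOCK = {"DES", "DES40", "3DES", "IDEA"}

PROTO_RE = re.compile(r"^\|\s+(TLSv1\.\d|SSLv3):\s*$")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\S+)\s+\((.*?)\)\s+-\s+([A-F])\s*$")


def uses_64bit_block(suite):
    """True if the suite name carries a 64-bit block cipher token (SWEET32-relevant)."""
    return any(token in SIXTY_FOUR_BIT_BLOCK for token in suite.split("_"))


def find_sweet32_suites(scan_output):
    """Return {protocol: [suite, ...]} for every offered suite with a 64-bit block cipher."""
    findings = {}
    proto = None
    for line in scan_output.splitlines():
        m = PROTO_RE.match(line)
        if m:                       # a new protocol section, e.g. "|   TLSv1.2:"
            proto = m.group(1)
            continue
        m = SUITE_RE.match(line)
        if m and proto and uses_64bit_block(m.group(1)):
            findings.setdefault(proto, []).append(m.group(1))
    return findings


if __name__ == "__main__":
    for proto, suites in find_sweet32_suites(SAMPLE_OUTPUT).items():
        for suite in suites:
            print(f"SWEET32 exposure: {proto} offers {suite}")
```

Feed it the saved output of the nmap command above; an empty result means no 64-bit block cipher suite is offered.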

For further confirmation we can use:

The Qualys SSL Labs server test for SSL/TLS vulnerabilities: https://www.ssllabs.com/ssltest/index.html

Sweet32 birthday attack:

The DES ciphers (and Triple-DES) have only a 64-bit block size. This lets an attacker who can run malicious JavaScript in the victim's browser generate large amounts of traffic over the same TLS connection until a ciphertext block collision occurs. From that collision the attacker is able to recover information from a session cookie.

This vulnerability could be used by a man-in-the-middle (MITM) attacker to recover some plaintext data: the attacker intercepts and collects the vast volume of encrypted traffic exchanged between the client and the TLS/SSL server while the connection stays open.
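Why the attack needs "vast volumes" of traffic follows from the birthday bound. The added example below (not from the original post) applies the standard birthday approximation p ≈ 1 - exp(-n²/(2·2^b)) to a 64-bit block versus a 128-bit block, so a defender can judge how much data under one key is tolerable; the traffic figures are computed, not measured.

```python
import math


def collision_probability(n_blocks, block_bits):
    """Probability that at least two of n_blocks ciphertext blocks collide.

    Uses the birthday approximation p ~= 1 - exp(-n^2 / (2 * 2^b)), which is
    accurate while n is well below 2^b.
    """
    space = 2.0 ** block_bits
    return 1.0 - math.exp(-(n_blocks ** 2) / (2.0 * space))


def probability_for_traffic(n_bytes, block_bits):
    """Collision probability after n_bytes of data encrypted under one key in CBC mode."""
    n_blocks = n_bytes // (block_bits // 8)
    return collision_probability(n_blocks, block_bits)


def bytes_for_probability(p, block_bits):
    """Bytes under one key needed to reach collision probability p (inverse of the above)."""
    space = 2.0 ** block_bits
    n_blocks = math.sqrt(-2.0 * space * math.log(1.0 - p))
    return n_blocks * (block_bits // 8)


if __name__ == "__main__":
    gib = 2 ** 30
    # 3DES: 64-bit block. 2^32 blocks = 32 GiB reaches p ~ 0.39.
    print("3DES, 32 GiB :", round(probability_for_traffic(32 * gib, 64), 3))
    # AES: 128-bit block. The same 32 GiB gives a probability that is effectively zero.
    print("AES,  32 GiB :", probability_for_traffic(32 * gib, 128))
    # Traffic needed for a coin-flip chance of a collision with each block size.
    print("3DES, p=0.5  :", round(bytes_for_probability(0.5, 64) / gib, 1), "GiB")
    print("AES,  p=0.5  :", f"{bytes_for_probability(0.5, 128) / gib:.3g}", "GiB")
```

The contrast is the whole point of the mitigation: moving the server's preference to AES-based suites (or removing 3DES suites altogether) pushes the same threshold beyond any realistic session length.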

Thanks

Reference:

  1. Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN https://sweet32.info/

Connect with me via : https://www.i-vk.co.in

Vinayak Khandelwal