CA Spectrum - Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Article ID: 210385

Products

CA Spectrum

Issue/Introduction

The security team has identified the following vulnerability:

Name:
-----
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Port numbers:
-------------
14012
14013
14014

CVE-ID:
-------
CVE-2016-2183

Threat
------
"Legacy block ciphers having block size of 64 bits are vulnerable to a practical collision attack when used in CBC mode. 
All versions of SSL/TLS protocol support cipher suites which use DES, 3DES, IDEA or RC2 as the symmetric encryption cipher are affected. 

Note: This CVE is patched at following versions 
OPENSSL-0.9.8J-0.102.2 
LIBOPENSSL0_9_8-0.9.8J-0.102.2 
LIBOPENSSL0_9_8-32BIT-0.9.8J-0.102.2 
OPENSSL1-1.0.1G-0.52.1 
OPENSSL1-DOC-1.0.1G-0.52.1 
LIBOPENSSL1_0_0-1.0.1G-0.52.1 
LIBOPENSSL1-DEVEL-1.0.1G-0.52.1 
JAVA-1_6_0-IBM-1.6.0_SR16.41-81.1"

Impact
-------
Remote attackers can obtain cleartext data via a birthday attack against a long-duration encrypted session.

Recommendation by Tool
----------------------
"Disable and stop using DES, 3DES, IDEA or RC2 ciphers. 
More information can be found at Microsoft Windows TLS changes docs (https://docs.microsoft.com/en-us/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) and Microsoft Transport Layer Security (TLS) registry settings (https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings)"

Environment

Release : 10.4

Component : Spectrum Core / SpectroSERVER

Cause

This is caused by improperly configured CORBA files or a policy that blocks anonymous ciphers.

Resolution

Currently, we can't restrict the cipher suites for secure CORBA ports.

This vulnerability will be addressed as part of feature request F83485 (in NetOps 21.2.1).

Additional Information

If the client is not specifically using Secure CORBA, they can disable it, which stops the ports from being bound.

How to disable Secure CORBA after seeing ports in a vulnerability scan (broadcom.com):
https://knowledge.broadcom.com/external/article/112340/how-disable-secure-corba-after-seeing-po.html
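
To verify the outcome after disabling Secure CORBA, a rescan of the three ports can be checked for the cipher families named in the finding. The following is an added example, not Broadcom's code: the scan text is a constructed sample in the layout of nmap's ssl-enum-ciphers output, and matching on cipher-suite name tokens is an assumption of this example.

```python
import re

# Cipher families the scan finding names as affected (64-bit block size).
# Matching them as "_"-separated tokens of the suite name is an assumption.
WEAK_TOKENS = ("DES", "DES40", "3DES", "IDEA", "RC2")
SPECTRUM_PORTS = (14012, 14013, 14014)  # ports listed in the finding

# Constructed sample in the layout of nmap's ssl-enum-ciphers script output.
SAMPLE_SCAN = """\
PORT      STATE  SERVICE
14012/tcp open   unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|_  least strength: C
14013/tcp open   unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|_  least strength: A
14014/tcp closed unknown
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+(\S+)")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\S+)")

def is_64bit_block(suite):
    """True if the suite name contains DES, 3DES, IDEA or RC2 as a token."""
    return any(tok in suite.split("_") for tok in WEAK_TOKENS)

def sweet32_findings(scan_text, ports=SPECTRUM_PORTS):
    """Map each port of interest to (state, [64-bit-block suites offered])."""
    result = {p: ("not scanned", []) for p in ports}
    current = None
    for line in scan_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = int(m.group(1))
            if current in result:
                result[current] = (m.group(2), [])
            continue
        s = SUITE_RE.match(line)
        if s and current in result and is_64bit_block(s.group(1)):
            result[current][1].append(s.group(1))
    return result
```

A port reported as closed, or as open with an empty suite list, no longer exposes the finding on that port.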