Vulnerability: AdminUI SSL Diffie-Hellman Modulus <= 1024 Bits Logjam
search cancel

Vulnerability: AdminUI SSL Diffie-Hellman Modulus <= 1024 Bits Logjam

book

Article ID: 218751

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

 

When running the AdminUI, a vulnerability has been found on port 8443 as:

 "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)"

 

Cause

 

The vulnerability "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)" known as CVE-2015-4000, is related to a modulus and DE EXPORT shorter than 1024 bits.

Against the AdminUI 12.8SP5, when running the following command which doesn't report that "Diffie-Hellman Modulus <= 1024 Bits":

# nmap -sT -PN -p 8443 127.0.0.1 --script ssl-enum-ciphers.nse

    Starting Nmap 7.70 ( https://nmap.org ) at 2021-05-28 13:27 CEST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000051s latency).

    PORT     STATE SERVICE
    8443/tcp open  https-alt
    | ssl-enum-ciphers:
    |   TLSv1.1:
    |     ciphers:
    |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |     compressors:
    |       NULL
    |     cipher preference: client
    |   TLSv1.2:
    |     ciphers:
    |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |     compressors:
    |       NULL
    |     cipher preference: client
    |_  least strength: A


"A" means the top strength of the cipher. And each of them has 2048 bits, which is higher than the 1024 reported by the vulnerability.

 

Resolution

 

When comparing the output of the scanned environment the same data can be found, which means the above vulnerability cannot be detected:

  |   TLSv1.1:
  |     ciphers:
  |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
  |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
  |       TLS_RSA_WITH_AES_128_CBC_SHA - strong
  |       TLS_RSA_WITH_AES_256_CBC_SHA - strong

  |   TLSv1.2:
  |     ciphers:
  |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
  |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
  |       TLS_RSA_WITH_AES_128_CBC_SHA - strong
  |       TLS_RSA_WITH_AES_256_CBC_SHA - strong

Ask the Security team which cipher is related to:  

The vulnerability "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)" known as CVE-2015-4000, is related to a modulus and DE EXPORT shorter than 1024 bits.

as it each one seen is 2048.

 

Powered by Wolken Software