Description

The Sweet32 attack is a SSL/TLS vulnerability that allows attackers to compromise HTTPS connections using 64-bit block ciphers.

Remediation

Reconfigure the affected SSL/TLS server to disable support for obsolete 64-bit block ciphers.

References

Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN

Related Vulnerabilities

Overly long session timeout in servlet configuration

HTTP verb tampering via POST

Redis Unauthorized Access Vulnerability

Unrestricted access to Haproxy Data Plane API

PHP allow_url_include Is Enabled

Severity

Medium

Classification

CVE-2016-2183 CVE-2016-6329 CWE-310 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto