Incident Report 06032101 - Vulnerability Analysis
SUMMARY OF REPORT
On June 3rd, 2021, two security vulnerabilities were identified by a customer:
| ID | Identified Vulnerability |
|---|
| VUL-01 | Support for SSL 64-bit block encryption (SWEET32) |
| VUL-02 | TLS Version 1.0 Protocol Discovery |
FINDINGS
The below resources fall into the scope of impact and can be affected due to security vulnerabilities.
- Production nodes in US region were vulnerable to the vulnerabilities identified.
- Recommended actions had no operational impact on any server.
- Disabling the support for weaker algorithms and protocols would eliminate the support for SSL 64-bit block encryption (SWEET32) and TLS v1.0 discovery vulnerabilities.
For the execution of this project, the most up-to-date versions of the following tools and components associated with them were used:
| Tool | Description |
|---|
| NMAP | It is a free, open source tool for vulnerability scanning and network detection. |
LINE OF ACTION AND ASSOCIATED TIMELINES
The following table outlines actions performed and their schedule to remediate security issues and vulnerabilities.
| ID | Identified Vulnerability | Identification Date | Incident Resolution Date (Start to End) |
|---|
| VUL-01 | Support for SSL 64-bit block encryption (SWEET32) | June 03 2021 | June 05 2021 - June 20 2021 |
| VUL-02 | TLS Version 1.0 Protocol Discovery | June 03 2021 | June 05 2021 - June 20 2021 |
Below is the detail about actions performed to remove security vulnerabilities.
| Vulnerability Identification |
|---|
| VUL-01 - Support for SSL 64-bit block encryption (SWEET32) |
| Description of Vulnerability |
| The service supports the use of 64-bit block ciphers. |
| Remediation Action |
| Reconfigured the affected nodes to disable support for outdated 64-bit block ciphers. See Reference |
| Vulnerability Identification |
|---|
| VUL-02 - TLS Version 1.0 Protocol Discovery |
| Description of Vulnerability |
| The remote service has an older version of TLS enabled. |
| Remediation Action |
| Enabled TLS 1.2 and disabled support for TLS 1.0 protocol. See Reference |
DETAIL OF VULNERABILITIES
This section provides complete detail of vulnerabilities identified during the assessment procedure.
| Vulnerability ID: VUL-01 Support for SSL 64-bit block encryption (SWEET32). |
|---|
| Description of Vulnerability The service supports the use of 64-bit block ciphers. |
| Organizational Risk The remote host supports the use of block cipher with 64-bit blocks in one or more cipher suites. Therefore, it is affected by a vulnerability, known as SWEET32, due to the use of weak 64-bit block ciphers. An intermediary attacker with sufficient resources can exploit this vulnerability, through an attack called 'birthday attack '. |
| Vulnerability ID: VUL-02 TLS Version 1.0 Protocol Discovery. |
|---|
| Description of Vulnerability The remote service has an older version of TLS enabled. |
| Organizational Risk The remote service accepts encrypted connections using TLS 1.0. TLS 1.0 has several design flaws cryptographic. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS such as 1.2 and 1.3 are designed against these flaws and should be used whenever possible. |