SSL Medium Strength Cipher Suite Supported (SWEET32)

Description:
SWEET32 is a cryptographic birthday attack on 64-bit block ciphers. It targets cipher suites that use 3DES (Triple DES) or Blowfish in TLS, SSH, IPsec, or other encrypted protocols.
Impacts
An attacker can exploit the vulnerability in the following ways.
1. Hackers can crack encrypted traffic over time:
If an attacker captures enough encrypted data (around 32GB), they can start uncovering patterns that help them decrypt parts of the conversation.
2. Sensitive information can be exposed:
If a website or VPN is still using one of these outdated ciphers, an attacker could steal things like login cookies, authentication tokens, or private messages.
3. Older systems are most at risk:
Many legacy applications and devices still rely on 3DES or Blowfish, making them easy targets if they haven’t been updated.
Mitigation
1. Disable 3DES in Windows TLS:

Using Group Policy Editor (GUI Method):
Step-1 -> Press Win + R, type gpedit.msc, and press Enter.
Step-2 -> Navigate to:
    Computer Configuration → Administrative Templates → Network → SSL Configuration Settings
Step-3 -> Double-click SSL Cipher Suite Order and select Enabled.
    Remove any mention of TLS_RSA_WITH_3DES_EDE_CBC_SHA from the list.
Step-4 -> Click Apply and OK, then restart the system.

2. Disable 3DES:

Using Registry Editor:
To disable 3DES on your Windows server, set the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000
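
The two mitigation methods above can be scripted and verified together; the following is an added example, not part of the original article. It assumes an elevated PowerShell session, a Windows version that ships the Get-TlsCipherSuite and Disable-TlsCipherSuite cmdlets (Windows 10 / Windows Server 2016 or later), and that the SSL Cipher Suite Order policy stores its list in the Functions value under the policy key shown.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell session.
$cipherKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168'
# Assumption: registry location written by the "SSL Cipher Suite Order" Group Policy setting.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

# 1. Registry method: create the key if it is missing, then set Enabled = 0.
if (-not (Test-Path -Path $cipherKey)) {
    New-Item -Path $cipherKey -Force | Out-Null
}
New-ItemProperty -Path $cipherKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null

# 2. Remove 3DES suites from the local cipher suite list where the TLS cmdlets exist.
$remaining = @()
if (Get-Command -Name Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    foreach ($suite in @(Get-TlsCipherSuite -Name '3DES')) {
        Disable-TlsCipherSuite -Name $suite.Name
    }
    # Query again so the report reflects the state after the change.
    $remaining = @(Get-TlsCipherSuite -Name '3DES')
}

# 3. The Group Policy list is stored separately from the local list, so check it too.
$policySuites = @()
$policy = Get-ItemProperty -Path $policyKey -Name 'Functions' -ErrorAction SilentlyContinue
if ($policy) {
    $policySuites = @($policy.Functions -split ',' | Where-Object { $_ -match '3DES' })
}

# 4. Report: Enabled should be 0 and both suite lists should be empty.
[pscustomobject]@{
    TripleDes168Enabled  = (Get-ItemProperty -Path $cipherKey -Name 'Enabled').Enabled
    LocalSuitesWith3DES  = ($remaining.Name -join ', ')
    PolicySuitesWith3DES = ($policySuites -join ', ')
}
```

If PolicySuitesWith3DES is not empty, edit the list through Group Policy as in method 1. SCHANNEL registry changes take effect after a restart.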


To avoid this kind of vulnerability, security professionals recommend that organisations perform periodic vulnerability assessment and penetration testing.

Created by: Offensive security team, Shakta Technologies Pvt Ltd