on 07-09-2015 9:01 AM
Hi Experts,
We have scanned our SAP systems with a Symantec network tool, and now we are facing a new vulnerability, as in the subject line, in one of the systems. I have checked in SDN, but nowhere have I found any suggestions about it.
Below is the output:
Vulnerable connection combinations :
SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 512
Logjam attack difficulty : Easy (could be carried out by individuals)
Description:
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Solution:
Reconfigure the services to use a unique Diffie-Hellman moduli of 2048 bits or greater.
Please give your suggestions to get rid of this vulnerability.
Many thanks in advance.
Thanks,
Jaswanth.
Hi Jaswanth,
Please go through this link; it gives a detailed analysis of Diffie-Hellman moduli.
Moreover, you are required to install patches from your software vendors.
tls - What is Logjam and how do I prevent it? - Information Security Stack Exchange
Regards,
Hi Manjunath,
Thanks for your response.
I have already gone through this link. Could I have a piece of information from SAP's end regarding this vulnerability?
I searched in SAP but had no luck. As per your point in the given link, does installing patches from the software vendor (SAP) mean that updating the SAP crypto library to the latest level will eradicate the vulnerability?
Regards,
Jaswanth.
Hi,
One solution is to generate a unique DH group for a large prime size such as 2048-bit, and use that instead of a default widely-shared group.
Please see this link, which will help explain the 'how to' procedure.
https://weakdh.org/sysadmin.html
Regards,