Professional Documents
Culture Documents
From : http://www.stardothosting.com
Due to historic export restrictions of high grade cryptography, legacy and new web
servers are often able and configured to handle weak cryptographic options.
Even if high grade ciphers are normally used and installed, some server
misconfiguration could be used to force the use of a weaker cipher to gain access
to the supposed secure communication channel.
The http clear-text protocol is normally secured via an SSL or TLS tunnel,
resulting in https traffic. In addition to providing encryption of data in
transit, https allows the identification of servers (and, optionally, of clients)
by means of digital certificates.
Historically, there have been limitations set in place by the U.S. government to
allow cryptosystems to be exported only for key sizes of, at most, 40 bits, a key
length which could be broken and would allow the decryption of communications.
Since then, cryptographic export regulations have been relaxed (though some
constraints still hold); however, it is important to check the SSL configuration
being used to avoid putting in place cryptographic support which could be easily
defeated. SSL-based services should not offer the possibility to choose weak
ciphers.
The nmap scanner, via the “–sV” scan option, is able to identify SSL services.
Vulnerability Scanners, in addition to performing service discovery, may include
checks against weak ciphers (for example, the Nessus scanner has the capability of
checking SSL services on arbitrary ports, and will report weak ciphers).
https (443/tcp)
Description
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=**, ST=******, L=******, O=******, OU=******, CN=******
Validity
Not Before: Oct 17 07:12:16 2002 GMT
Not After : Oct 16 07:12:16 2004 GMT
Subject: C=**, ST=******, L=******, O=******, CN=******
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:98:4f:24:16:cb:0f:74:e8:9c:55:ce:62:14:4e:
6b:84:c5:81:43:59:c1:2e:ac:ba:af:92:51:f3:0b:
ad:e1:4b:22:ba:5a:9a:1e:0f:0b:fb:3d:5d:e6:fc:
ef:b8:8c:dc:78:28:97:8b:f0:1f:17:9f:69:3f:0e:
72:51:24:1b:9c:3d:85:52:1d:df:da:5a:b8:2e:d2:
09:00:76:24:43:bc:08:67:6b:dd:6b:e9:d2:f5:67:
e1:90:2a:b4:3b:b4:3c:b3:71:4e:88:08:74:b9:a8:
2d:c4:8c:65:93:08:e6:2f:fd:e0:fa:dc:6d:d7:a2:
3d:0a:75:26:cf:dc:47:74:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
Page 10
Network Vulnerability Assessment Report 25.05.2005
X509v3 Subject Key Identifier:
10:00:38:4C:45:F0:7C:E4:C6:A7:A4:E2:C9:F0:E4:2B:A8:F9:63:A8
X509v3 Authority Key Identifier:
keyid:CE:E5:F9:41:7B:D9:0E:5E:5D:DF:5E:B9:F3:E6:4A:12:19:02:76:CE
DirName:/C=**/ST=******/L=******/O=******/OU=******/CN=******
serial:00
Signature Algorithm: md5WithRSAEncryption
7b:14:bd:c7:3c:0c:01:8d:69:91:95:46:5c:e6:1e:25:9b:aa:
8b:f5:0d:de:e3:2e:82:1e:68:be:97:3b:39:4a:83:ae:fd:15:
2e:50:c8:a7:16:6e:c9:4e:76:cc:fd:69:ae:4f:12:b8:e7:01:
b6:58:7e:39:d1:fa:8d:49:bd:ff:6b:a8:dd:ae:83:ed:bc:b2:
40:e3:a5:e0:fd:ae:3f:57:4d:ec:f3:21:34:b1:84:97:06:6f:
f4:7d:f4:1c:84:cc:bb:1c:1c:e7:7a:7d:2d:e9:49:60:93:12:
0d:9f:05:8c:8e:f9:cf:e8:9f:fc:15:c0:6e:e2:fe:e5:07:81:
82:fc
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
The SSLv2 server offers 5 strong ciphers, but also 0 medium strength and 2 weak
"export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade or badly configured
client software. They only offer a limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client software if necessary.
See http://support.microsoft.com/default.aspx?scid=kben-us216482 or
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite This SSLv2
server also accepts SSLv3 connections. This SSLv2 server also accepts TLSv1
connections.
Vulnerable hosts
(list of vulnerable hosts follows)
Example 3. Manually audit weak SSL cipher levels with OpenSSL. The following will
attempt to connect to Google.com with SSLv2.
These tests usually provide a very in-depth and reliable method for ensuring weak
and vulnerable ciphers are not used in order to comply with said audits.
Personally, I prefer the nessus audit scans. Usually the default “free” plugins
are enough to complete these types of one-off audits. There are, however,
commercial nessus plugins designed just for PCI-DSS compliance audits and are
available for purchase from the nessus site.