Play Labs on this vulnerability with SecureFlag!
- Weak Cipher
- Description
- Impact
- Scenarios
- Prevention
- Testing
- References
Description
In modern secure communication systems, encryption algorithms, or ciphers, define the way in which data is transformed into and out of an encrypted state. Strong algorithms endeavor to make the process of reversal beyond reach to malicious actors due to inherent computational complexity. Weak ciphers are those encryption algorithms vulnerable to attack, often as a result of an insufficient key length. In NIST parlance, weak ciphers are either:
- Deprecated (the use of the algorithm and key length is allowed, but the user must accept some risk) or;
- Disallowed (algorithm or key length is no longer allowed for the indicated use).
Ciphers degrade in their efficacy like all other security controls, with new cryptanalysis techniques and an exponential increase in computing power both playing prominent roles in the deprecation and/or complete scrapping of various standards. The below examples are of weak algorithms that are completely broken:
-
The Data Encryption Standard (DES) is an algorithm that was adopted as an official standard in 1977 in the US. The original proposal was modified slightly to strengthen against differential cryptanalysis but also significantly weakened against brute-force attacks, particularly as a result of the reduction of key size to 56 bits. With enough horsepower, it was only a matter of time before a key-search machine, capable of rapidly computing every possible key, in turn, was able to break DES.
-
Electronic Codebook (ECB) is an algorithm that has been proven to be semantically insecure, as the encryption of two identical cleartext blocks always generates the same block of ciphertext. Thus, it can enable an attacker to determine if two ECB blocks are identical, share a common prefix, or share other identifiable commonalities, including repetitive data.
-
The Cipher Block Chaining (CBC) is largely being replaced by the Galois Counter Mode (GCM), which has the benefit of providing integrity, unlike CBC. Typically, CBC is combined with a Message Authentication Code to ensure the ciphertext has not been tampered with in transit; however, this additional layer of security is often missed.
Impact
Cipher deprecation and/or obsolescence is of perennial concern as it opens the door to malicious actors with the available tools and know-how. Successful brute-forcing of weak ciphers can result in a malicious actor decrypting data containing sensitive information, potentially leading to a complete compromise of confidentiality and integrity. The extent of damage is really only limited to the value of compromised data and the imagination of the attacker.
This sobering collection of statistics regarding the SSL cryptographic protocols presents the pervasiveness of weak ciphers in use at least up to late 2019. Figures that jump out include the fact that in the top 100,000 sites in Q3 of 2018, 6.8% were still using the broken SSL 2.0 & SSL 3.0 versions.
Scenarios
A major chunk of the Internet’s secure communications are funneled through the SSL/TLS cryptographic protocols. It is important to note that these protocols are not insecure per se; however, if improperly configured, they could be susceptible to a type of attack that forces it to switch from using a high standard encryption connection in favor of a weaker mode. The attack takes advantage of configurable options in the TLS cryptographic protocol that allow for backward compatibility with older systems, i.e., they accept inferior/dated/weak ciphers, in the worst case even downgrading encrypted traffic to cleartext.
Prevention
Preventing attacks on weak ciphers can be greatly diminished primarily by not using weak ciphers! There is, of course, a bit more to it than that in terms of implementation and correct configuration, but ensuring adherence to up-to-date standards is the best way to mitigate exploitation.
- Developers must stay up to date with relevant, accepted industry standards from relevant organizations, e.g., NIST.
- The use of weak ciphers and modes that are known to be insecure must be avoided.
- In the case of TLS, since the client and the server can negotiate the choice of algorithm in the event that there are different levels of capability, weak ciphers must be disabled.
This removal of backward compatibility eliminates the possibility of a downgrade.
Testing
Verify that known insecure block modes (i.e., ECB, etc.), padding modes (i.e., PKCS#1 v1.5, etc.), ciphers with small block sizes (i.e., Triple-DES, Blowfish, etc.) are not used unless required for backward compatibility.
References
NIST
CWE - Inadequate Encryption Strength
Microsoft - Choose an Encryption Algorithm
Cryptography Stack Exchange - Why shouldn’t I use ECB encryption?
Wikipedia - Data Encryption Standard
Wikipedia - Semantic Security
Wikipedia - Downgrade Attack
ReferralMD - The Impact of Weak Protocols & Ciphers on Healthcare Servers
FAQs
How to fix. To stop using weak cipher suites, you must configure your web server cipher suite list accordingly. Ideally, as a general guideline, you should remove any cipher suite containing references to NULL, anonymous, export, DES, 3DES, RC4, and MD5 algorithms.
What is the risk of weak ciphers? ›
Risks Associated with Weak Cipher Suites
Weak cipher suites are a breeding ground for various cyber attacks. Hackers can exploit vulnerabilities in outdated encryption algorithms or key exchange methods to eavesdrop on confidential communications, intercept sensitive data, or even launch man-in-the-middle attacks.
How to disable weak ciphers in Windows? ›
Normally to disable weak ciphers on a Windows server you just run IISCrypto and disable the protocols that you don't want. Reboot the machine and they are no longer available.
How to identify a weak cipher? ›
Identify Weak Protocols and Cipher Suites
- Identify traffic that uses less secure TLS protocol versions.
- Identify traffic that uses a particular key exchange algorithm.
- Identify traffic that uses a particular authentication algorithm.
- Identify traffic that uses a particular encryption algorithm.
Disabling Weak Cipher Suites Globally Through Java
- At a command prompt, access the java.security file: ...
- Open the java.security file and locate the following parameter: ...
- In this line, after =SSLv3 , add DES and DESede so that the line looks like this: ...
- Verify that weak cipher suites have been disabled.
One way to make a Caesar cipher a bit harder to break is to use different shifts at different positions in the message. For example, we could shift the first character by 25, the second by 14, the third by 17, and the fourth by 10.
What is the impact of removing weak ciphers? ›
Be aware that reducing the available ciphers may limit support for older browsers or may prevent legacy MFDs from connecting to the PaperCut server, so please take care to test changes thoroughly. Most MFDs will support TLS v1.
Does TLS 1.2 have weak ciphers? ›
A cipher suite is identified as obsolete when one or more of the mechanisms is weak. Especially weak encryption algorithms in TLS 1.2 are designated as NULL, RC2, RC4, DES, IDEA, and TDES/3DES; cipher suites using these algorithms should not be used9.
How to configure your web server to disallow using weak ciphers? ›
How to Disable Weak SSL Cipher Suites
- Introduction.
- About SSL Cipher Suites.
- Backup your ssl.conf.
- Edit the ssl.conf and remove weak ciphers.
- Ensure your changes persist.
- Check and reload Nginx.
- Retesting.
The Disable-TlsCipherSuite cmdlet disables a cipher suite. This cmdlet removes the cipher suite from the list of Transport Layer Security (TLS) protocol cipher suites for the computer.
Finally, there is the option for a “NULL” cipher, which simply means, the traffic should not be encrypted – so this option should definitely not be enabled. In short, you should disable known deprecated and discouraged ciphers, including DES, IDEA, 3DES, RC2, RC4, IDEA, ARIA, SEED, and NULL ciphers.
How to remove weak ciphers from SSH? ›
Solution
- Log in to the instance using the ssh command.
- Switch to a root user using the sudo su - command.
- List the currently enabled ciphers by running the command sshd -T | grep -i 'cipher'.
- Copy the list and remove the unwanted ciphers. ...
- Make a backup of the file /etc/ssh/sshd_config by running the command:
Find the cipher using Chrome
- Launch Chrome.
- Enter the URL you wish to check in the browser.
- Click on the ellipsis located on the top-right in the browser.
- Select More tools > Developer tools > Security.
- Look for the line "Connection...". This will describe the version of TLS or SSL used.
5 answers
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following subkey: *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms*
- On the Edit menu, point to New, and then click Key.
The Caesar cipher is a shift cipher, one of the simplest forms of encryption in which each letter of the message is replaced by a letter a certain number of positions down in the alphabet.
How do I disable weak ciphers in Azure? ›
Let's say, based from the list of supported TLS cipher suites, we would like to disable all the cipher suites that are weaker than TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA . In order to do this, we can call the Update Config API to set the property minTlsCipherSuite to TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA .
How to remove weak ciphers from Apache? ›
Disable weak ciphers in Apache + CentOS
- Edit the following file. ...
- Press key "shift and G" to go end of the file.
- Copy and paste the following lines. ...
- We need to verify the lines we added to the config file are no enable by default. ...
- Save the file in "vi" by running ":wq"
- Restart Apache.
Configure allowed cipher suites
Open regedit.exe and go to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002. Edit the Functions key, and set its value to the list of Cipher Suites that you want to allow.
