The Sweet32 attack is a SSL/TLS vulnerability that allows attackers to compromise HTTPS connections using 64-bit block ciphers
Report ID
#29003
Report type
Websites and Applications
Has PoC?
Yes
Target
Impacts
Lack of valid SSL/TLS
Description
The Sweet32 attack is a SSL/TLS vulnerability that allows attackers to compromise HTTPS connections using 64-bit block ciphers
Vulnerability Details
Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between clients and servers. To use such algorithms, the data is broken into fixed-length chunks, called blocks, and each block is encrypted separately according to a mode of operation. Older block ciphers, such as Triple-DES and Blowfish use a block size of 64 bits, whereas AES uses a block size of 128 bits. A attacker can can decrypt victim data using Sweet32 birthday attck vulnerability over wifi or (local network)
Impact Details
Allows attackers to compromise HTTPS connections using 64-bit block ciphers.
References
Proof of concept
open nmap and type: nmap --script ssl-enum-ciphers basin.exchange and wait until it finishes the scan
BIC Response
We have closed this report and marked it as spam for the following reason:
Extremely low quality