📄

Report #29003

Report Date
March 4, 2024
Status
Closed
Payout

The Sweet32 attack is a SSL/TLS vulnerability that allows attackers to compromise HTTPS connections using 64-bit block ciphers

Report Info

Report ID

#29003

Report type

Websites and Applications

Has PoC?

Yes

Target

Impacts

Lack of valid SSL/TLS

Description

The Sweet32 attack is a SSL/TLS vulnerability that allows attackers to compromise HTTPS connections using 64-bit block ciphers

Vulnerability Details

Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between clients and servers. To use such algorithms, the data is broken into fixed-length chunks, called blocks, and each block is encrypted separately according to a mode of operation. Older block ciphers, such as Triple-DES and Blowfish use a block size of 64 bits, whereas AES uses a block size of 128 bits. A attacker can can decrypt victim data using Sweet32 birthday attck vulnerability over wifi or (local network)

Impact Details

Allows attackers to compromise HTTPS connections using 64-bit block ciphers.

References

Proof of concept

open nmap and type: nmap --script ssl-enum-ciphers basin.exchange and wait until it finishes the scan

BIC Response

We have closed this report and marked it as spam for the following reason:

Extremely low quality