Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES, DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random-looking bytes. It was known that RC4 output has some bias. Recently a group of researchers discovered that there is a stronger bias in RC4, which makes statistical analysis of ciphertext more practical.
The described attack is to inject malicious JavaScript into the victim's browser that ensures multiple connections are established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker with a large set of ciphertext samples that can be used for statistical analysis.
NOTE: On 3/12/15 NVD changed the CVSS v2 access complexity from high to medium. As a result Qualys revised the CVSS score to 4.3 immediately. On 5/4/15 Qualys is also revising the severity to level 3.
RC4 should be avoided wherever possible. One reason that RC4 was still being used was the BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLS v1.2 and later address these issues.
- sslyze_cli.py: fast and full-featured SSL scanner for Python 2.7. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
As the description mentions: "Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security." So any encryption smaller than 128 bits is considered low and weak.
For this purpose we will use the tool sslyze_cli.py to enumerate the cipher suites configured on the server.
Command
For SMTP servers, usually port 25 and 587, use the following command:
sslyze_cli.py --regular --starttls=smtp --hide_rejected_ciphers <Server IP>:<PORT> | grep bits | egrep -i RC4
For HTTP servers, usually port 443 and 8443, use the following command:
sslyze_cli.py --regular --hide_rejected_ciphers <Server IP>:<PORT> | grep bits | egrep -i RC4
Vulnerable Output
With these commands we are filtering the cipher suites the server accepts and looking for anything that is not 128 or 256 bits; the final egrep keeps only the lines that name RC4. If you have anything similar to this, then your server is still vulnerable.
TLS_RSA_WITH_RC4_128_MD5 - 128 bits HTTP 200 OK
TLS_RSA_WITH_RC4_128_MD5 - 128 bits HTTP 200 OK
TLS_RSA_WITH_RC4_128_SHA - 128 bits HTTP 200 OK
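The grep pipeline above only reports RC4. As an added example (not part of sslyze or of the original page), the function below reads lines in the output format shown above and flags both conditions the page describes: suites that use RC4 and suites with a key size below 128 bits. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of sslyze. Reads cipher lines in the format shown
# on this page ("<SUITE> - <N> bits ...") on stdin and prints one finding
# per weak suite: RC4 by name, or a key size below 128 bits.
classify_ciphers() {
    awk '
        # Only lines that report a key size, like "grep bits" on the page.
        / bits/ {
            suite = $1; bits = 0
            for (i = 2; i <= NF; i++)
                if ($i == "bits") bits = $(i - 1) + 0
            reason = ""
            if (toupper(suite) ~ /RC4/) reason = "RC4"
            if (bits > 0 && bits < 128)
                reason = (reason == "" ? "" : reason "+") "LOW_KEY"
            # Report each suite once, even if several protocol versions list it.
            if (reason != "" && !seen[suite]++)
                printf "%s %d %s\n", suite, bits, reason
        }
    '
}

# Constructed sample in the page output format (not captured from a server).
sample_output() {
    cat <<'EOF'
TLS_RSA_WITH_RC4_128_MD5 - 128 bits HTTP 200 OK
TLS_RSA_WITH_RC4_128_MD5 - 128 bits HTTP 200 OK
TLS_RSA_WITH_RC4_128_SHA - 128 bits HTTP 200 OK
TLS_RSA_WITH_DES_CBC_SHA - 56 bits HTTP 200 OK
TLS_RSA_EXPORT_WITH_RC4_40_MD5 - 40 bits HTTP 200 OK
TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits HTTP 200 OK
EOF
}

# Returns 1 when any weak suite is present, so the check can gate a job.
check_server_output() {
    findings=$(classify_ciphers)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the constructed sample; pipe real sslyze output in the same way.
sample_output | classify_ciphers
```

To check a real server, pipe the sslyze command from the section above into `check_server_output` in place of `sample_output`.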