Description

The remote host reuses Diffie-Hellman Ephemeral public server keys with (EC)DHE cipher suites.

Remediation

Reconfigure the affected application to always generate new keys when using tmp_dh/tmp_ecdh parameters.

References

Raccoon Attack

Raccoon Attack (Technical Paper, PDF)

Logjam Attack

Logjam Attack (Technical Paper, PDF)

List of SSL OP Flags (see: SSL_OP_SINGLE_DH_USE, SSL_OP_SINGLE_ECDH_USE)

Related Vulnerabilities

Web application default/weak credentials

Django Debug Toolbar

ASP.NET application trace enabled

SSL 2.0 deprecated protocol

Apache Roller OGNL injection

Severity

Info

Classification

CWE-310 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Configuration