Critical severity is coming to Acunetix Standard & Premium. Find out more on our blog.

WEB APPLICATION VULNERABILITIES Standard & Premium

TLS/SSL (EC)DHE Key Reuse

Description

The remote host reuses Diffie-Hellman Ephemeral public server keys with (EC)DHE cipher suites.

Remediation

Reconfigure the affected application to always generate new keys when using tmp_dh/tmp_ecdh parameters.

References

Raccoon Attack (Technical Paper, PDF)

Logjam Attack (Technical Paper, PDF)

List of SSL OP Flags (see: SSL_OP_SINGLE_DH_USE, SSL_OP_SINGLE_ECDH_USE)

Related Vulnerabilities

MovableType remote code execution

ASP.NET potential HTTP Verb Tampering

Yii2 Gii extension

Magento Cacheleak

Apache mod_negotiation filename bruteforcing

Severity

Info

Classification

CWE-310 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Configuration