Description

The remote host reuses Diffie-Hellman Ephemeral public server keys with (EC)DHE cipher suites.

Remediation

Reconfigure the affected application to always generate new keys when using tmp_dh/tmp_ecdh parameters.

References

Raccoon Attack

Raccoon Attack (Technical Paper, PDF)

Logjam Attack

Logjam Attack (Technical Paper, PDF)

List of SSL OP Flags (see: SSL_OP_SINGLE_DH_USE, SSL_OP_SINGLE_ECDH_USE)

Related Vulnerabilities

SAP weak/predictable user credentials

Version Disclosure (IIS)

ASP.NET ViewStateUserKey Is Not Set

Spring Boot Misconfiguration: MongoDB credentials stored in the properties file

Spring Boot Actuator v2

Severity

Info

Classification

CWE-310 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto