Description

The Sweet32 attack is a SSL/TLS vulnerability that allows attackers to compromise HTTPS connections using 64-bit block ciphers.

Remediation

Reconfigure the affected SSL/TLS server to disable support for obsolete 64-bit block ciphers.

References

Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN

Related Vulnerabilities

Elmah.axd / Errorlog.axd Detected

Grails database console

Verb tampering via misconfigured security constraint

Apache Spark Web UI Unauthorized Access Vulnerability

An Unsafe Content Security Policy (CSP) Directive in Use

Severity

Medium

Classification

CVE-2016-2183 CVE-2016-6329 CWE-310 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto