Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TLS/SSL (EC)DHE Key Reuse - Vulnerability Database

TLS/SSL (EC)DHE Key Reuse

Description

The remote host reuses Diffie-Hellman Ephemeral public server keys with (EC)DHE cipher suites.

Remediation

Reconfigure the affected application to always generate new keys when using tmp_dh/tmp_ecdh parameters.

References

Raccoon Attack
Raccoon Attack (Technical Paper, PDF)
Logjam Attack
Logjam Attack (Technical Paper, PDF)
List of SSL OP Flags (see: SSL_OP_SINGLE_DH_USE, SSL_OP_SINGLE_ECDH_USE)

Related Vulnerabilities

Insecure Transportation Security Protocol Supported (TLS 1.0) High
Common tags: Configuration Weak Crypto
Insecure Transportation Security Protocol Supported (SSLv2) High
Common tags: Configuration Weak Crypto
Padding oracle attack High
Common tags: Configuration Weak Crypto
TLS/SSL Sweet32 attack Medium
Common tags: Configuration Weak Crypto
Insecure Transportation Security Protocol Supported (TLS 1.1) Information
Common tags: Configuration Weak Crypto

Severity

Information

Classification

CWE-310
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration
Weak Crypto