SSL/TLS协议信息泄露漏洞(CVE-2016-2183)【原理扫描】

2.2 漏洞详情

|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| SSL/TLS协议信息泄露漏洞(CVE-2016-2183)【原理扫描】 【可验证】 |
| | 详细描述 | TLS是安全传输层协议,用于在两个通信应用程序之间提供保密性和数据完整性。 TLS, SSH, IPSec协商及其他产品中使用的IDEA、DES及Triple DES密码或者3DES及Triple 3DES存在大约四十亿块的生日界,这可使远程攻击者通过Sweet32攻击,获取纯文本数据。 <*来源:Karthik Bhargavan Gaetan Leurent 链接:https://www.openssl.org/news/secadv/20160922.txt *> | | 解决办法 | 建议:避免使用IDEA、DES和3DES算法 1、OpenSSL Security Advisory [22 Sep 2016] 链接:https://www.openssl.org/news/secadv/20160922.txt 请在下列网页下载最新版本: https://www.openssl.org/source/ 2、对于nginx、apache、lighttpd等服务器禁止使用DES加密算法 主要是修改conf文件 3、Windows系统可以参考如下链接: https://social.technet.microsoft.com/Forums/en-US/31b3ba6f-d0e6-417a-b6f1-d0103f054f8d/ssl-medium-strength-cipher-suites-supported-sweet32cve20162183?forum=ws2016 https://docs.microsoft.com/zh-cn/troubleshoot/windows-server/windows-security/restrict-cryptographic-algorithms-protocols-schannel | | 验证方法 | 根据SSL/TLS协议信息泄露漏洞(CVE-2016-2183)原理,通过发送精心构造的数据包到目标服务,根据目标的响应情况,验证漏洞是否存在 | | 威胁分值 | 7.5 | | 危险插件 | 否 | | 发现日期 | 2016-08-31 | | CVE编号 | CVE-2016-2183 | | BUGTRAQ | 92630 | | NSFOCUS | 34880 | | CNNVD编号 | CNNVD-201608-448 | | CNCVE编号 | CNCVE-20162183 | | CVSS评分 | 5.0 | | CNVD编号 | CNVD-2016-06765 | |---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |

解决方案:上面已经提到了,服务器是linux系统

一、升级OpenSSL 确保您的OpenSSL库是最新的

默认情况下,使用 OpenSSL 1.0.1g 之前版本的服务器不容易受到攻击

版本升级如果是 1.1.0升级到1.1.0a(最低这个版本)

如果是 1.0.2升级到 1.0.2i

复制代码
OpenSSL 1.1.0 users should upgrade to 1.1.0a
OpenSSL 1.0.2 users should upgrade to 1.0.2i
OpenSSL 1.0.1 users should upgrade to 1.0.1u

二、对于nginx、apache、lighttpd等服务器禁止使用DES加密算法

1.打开Nginx的配置文件,通常位于/etc/nginx/nginx.conf或/usr/local/nginx/conf/nginx.conf。

在配置文件中找到ssl_ciphers参数,该参数用于指定支持的加密算法。

修改ssl_ciphers参数的值,将其设置为不包含DES算法的安全加密算法。例如,你可以将其设置为只支持强加密算法的列表,如下所示:

复制代码
ssl_ciphers EECDH+AESGCM:EECDH+AES256:EECDH+AES128:-DHE-RSA-AES256-SHA:-DHE-RSA-AES128-SHA:-DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

这个例子中,!DES-CBC3-SHA表示不包括DES-CBC3-SHA算法,即不包括DES算法。

保存并关闭配置文件。

重新加载或重启Nginx服务

升级OpenSSL参考

SSL/TLS协议信息泄露漏洞(CVE-2016-2183)【原理扫描】处理-CSDN博客

相关推荐
君鼎2 小时前
安全逆向工程学习路线
安全·逆向·网安
清 晨3 小时前
剖析 Web3 与传统网络模型的安全框架
网络·安全·web3·facebook·tiktok·instagram·clonbrowser
国科安芯3 小时前
抗辐照芯片在低轨卫星星座CAN总线通讯及供电系统的应用探讨
运维·网络·人工智能·单片机·自动化
gx23484 小时前
HCLP--MGER综合实验
运维·服务器·网络
VB5944 小时前
[N1盒子] 斐讯盒子N1 T1通用刷机包(可救砖)
网络
-XWB-4 小时前
【安全漏洞】防范未然:如何有效关闭不必要的HTTP请求方法,保护你的Web应用
服务器·网络·http
画中鸦5 小时前
VRRP的概念及应用场景
网络
jonyleek5 小时前
如何搭建一套安全的,企业级本地AI专属知识库系统?从安装系统到构建知识体系,全流程!
人工智能·安全
MQ_SOFTWARE5 小时前
文件权限标记机制在知识安全共享中的应用实践
大数据·网络
一个网络学徒5 小时前
MGRE综合实验
运维·服务器·网络