PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Add warning for SWEET32 on CBC with block size <= 64 bits

Browse Source
This commit is contained in:
dmiller
2016-08-24 16:07:57 +00:00
parent fb2fc62a0b
commit fc948c437b
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/ssl-enum-ciphers.nse
View File

@@ -655,6 +655,9 @@ local function find_ciphers_group(host, port, protocol, group, scores)
if info.hash and info.hash == "MD5" then
scores.warnings["Ciphersuite uses MD5 for message integrity"] = true
end
if info.mode and info.mode == "CBC" and info.block_size <= 64 then
scores.warnings[("64-bit block cipher %s vulnerable to SWEET32 attack"):format(info.cipher)] = true
end
if protocol == "SSLv3" and info.mode and info.mode == "CBC" then
scores.warnings["CBC-mode cipher in SSLv3 (CVE-2014-3566)"] = true
elseif info.cipher == "RC4" then