TLS Based Attacks

TLS Attacks

This is a follow-up to the article titled “Are TLS vulnerabilities considered critical for internal network?”

We are listing a whole slew of attacks that share one goal: breaking SSL/TLS. At the time of this writing, the most secure version is TLS 1.3; TLS 1.2 is still highly secure but should be upgraded to TLS 1.3 in due course. The list below is purely informative. If you run a security scanning tool against your IT infrastructure and it reports any of these vulnerabilities, the only real fix is to upgrade the affected device to TLS 1.3, or at least to TLS 1.2.

1. POODLE (Padding Oracle On Downgraded Legacy Encryption)

TLS Versions Affected: SSL 3.0

Technical Details:

  • POODLE is a vulnerability in the SSL 3.0 protocol, but it can impact systems that support both SSL 3.0 and newer TLS versions.
  • Exploits involve downgrading the connection to SSL 3.0 and using a padding oracle attack to decrypt secure HTTP cookies.

2. BEAST (Browser Exploit Against SSL/TLS)

TLS Versions Affected: TLS 1.0

Technical Details:

  • BEAST is an attack on the CBC (Cipher Block Chaining) mode of encryption in TLS 1.0.
  • Exploits involve predicting the Initialization Vector (IV) and decrypting parts of the communication between a user and a server.

3. Sweet32

TLS Versions Affected: TLS and SSL using 3DES cipher suites

Technical Details:

  • Sweet32 is a vulnerability associated with the use of 3DES (Triple DES) cipher suites in TLS and SSL protocols.
  • Attackers exploit birthday-bound collisions in the 64-bit block cipher, leading to the interception of sensitive data.
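To make the "birthday bound" concrete, here is an added Python example (not code from the original article) that estimates how likely a ciphertext-block collision becomes after encrypting a given amount of data under one key in CBC mode, for a 64-bit block cipher such as 3DES versus a 128-bit one such as AES. It uses the standard birthday approximation P ≈ 1 − exp(−n²/2N), where N is the number of possible blocks; the 0.1% rekey budget in `rekey_threshold_bytes` is a constructed illustration, not a standard value.

```python
"""Added example: birthday-bound estimates for block-cipher collisions, the
condition the Sweet32 attack relies on. Not part of the original article."""
import math


def collision_probability(block_bits: int, n_blocks: int) -> float:
    """Approximate P(at least two identical ciphertext blocks) after n_blocks
    blocks under one key: 1 - exp(-n^2 / 2N) with N = 2^block_bits.
    expm1 keeps precision when the probability is tiny (the 128-bit case)."""
    n_space = 2.0 ** block_bits
    return -math.expm1(-(float(n_blocks) ** 2) / (2.0 * n_space))


def blocks_for_probability(block_bits: int, p: float) -> float:
    """Invert the approximation: how many blocks until P(collision) reaches p."""
    n_space = 2.0 ** block_bits
    return math.sqrt(-2.0 * n_space * math.log1p(-p))


def rekey_threshold_bytes(block_bits: int, p: float = 0.001) -> int:
    """Bytes one key may encrypt before collision probability exceeds p.
    The default p=0.001 is a constructed budget chosen for illustration."""
    block_bytes = block_bits // 8
    return int(blocks_for_probability(block_bits, p)) * block_bytes


if __name__ == "__main__":
    # Sweet32's headline figure: 2^32 blocks of 8 bytes is 32 GiB of traffic.
    n = 2 ** 32
    for bits, name in ((64, "3DES (64-bit blocks)"), (128, "AES (128-bit blocks)")):
        print("%-22s P(collision) after %d blocks = %.3g; rekey after ~%.3g bytes"
              % (name, n, collision_probability(bits, n), rekey_threshold_bytes(bits)))
```

Running the script shows the asymmetry behind the finding: after 2^32 blocks (32 GiB under one key) a 64-bit cipher has roughly a 39% chance of a repeated block, while the same volume with a 128-bit cipher is astronomically far from the bound. That is why the remediation is to drop 3DES suites rather than to tune rekeying.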

4. Heartbleed

TLS Versions Affected: OpenSSL implementation (not a flaw in TLS itself)

Technical Details:

  • Heartbleed is a vulnerability in the OpenSSL cryptographic software library.
  • It allows an attacker to read sensitive data from the memory of the server, potentially exposing private keys and other confidential information.

5. FREAK (Factoring RSA Export Keys)

TLS Versions Affected: SSL/TLS using export-grade ciphers

Technical Details:

  • FREAK is a vulnerability that allows attackers to force the use of weak “export-grade” encryption, enabling them to decrypt the communication.
  • Exploits involve downgrading the encryption to export-grade ciphers and then performing a Man-in-the-Middle attack.

6. DROWN (Decrypting RSA with Obsolete and Weakened eNcryption)

TLS Versions Affected: SSLv2

Technical Details:

  • DROWN is a cross-protocol attack that targets the SSLv2 protocol, allowing attackers to decrypt modern TLS connections.
  • It involves exploiting the SSLv2 protocol’s weak key exchange method.

7. CRIME (Compression Ratio Info-leak Made Easy)

TLS Versions Affected: TLS with compression enabled

Technical Details:

  • CRIME is an attack that targets the compression mechanism in TLS. It allows an attacker to recover parts of the plaintext by observing the size of the compressed ciphertext.
  • Exploits involve manipulating the compression ratio to deduce information about the plaintext.

8. BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext)

TLS Versions Affected: TLS with compression enabled

Technical Details:

  • BREACH is a variant of the CRIME attack, focusing on exploiting the compression of HTTP responses.
  • Attackers can use crafted requests to deduce information from the compressed responses, potentially leading to the exposure of sensitive data.

9. Lucky13

TLS Versions Affected: TLS 1.0 and TLS 1.1

Technical Details:

  • Lucky13 is a timing attack that targets the implementation of the CBC mode of encryption in TLS.
  • The attack exploits timing differences in padding checks to recover plaintext.

10. SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes)

TLS Versions Affected: TLS with SHA-1 or MD5

Technical Details:

  • SLOTH is an attack that targets the use of weak hash functions (SHA-1 or MD5) in the transcript hash of the TLS protocol.
  • The attack exploits weaknesses in the hash function, leading to security losses.

11. Logjam

TLS Versions Affected: Diffie-Hellman key exchange in TLS

Technical Details:

  • Logjam is a vulnerability in the Diffie-Hellman key exchange protocol used in TLS.
  • Attackers can force the use of weak 512-bit export-grade keys, enabling them to downgrade the connection and potentially decrypt traffic.

12. Poodle (Padding Oracle On Downgraded Legacy Encryption) for TLS

TLS Versions Affected: SSL 3.0, and some implementations of TLS 1.0 and higher

Technical Details:

  • Poodle also affects TLS when an attacker can force a connection to use SSL 3.0.
  • The attack involves exploiting the padding oracle to decrypt secure HTTP cookies and gain unauthorized access.

13. Bleichenbacher’s ROBOT (Return Of Bleichenbacher’s Oracle Threat)

TLS Versions Affected: RSA key exchange in TLS

Technical Details:

  • This attack is a variation of the original Bleichenbacher attack and targets the RSA key exchange.
  • Exploits involve using a padding oracle to decrypt encrypted messages and potentially compromise the confidentiality of the communication.

14. GoldenEye (ROBOT Attack Variant)

TLS Versions Affected: RSA key exchange in TLS

Technical Details:

  • GoldenEye is a variant of the ROBOT attack that affects RSA key exchange in TLS.
  • It exploits weaknesses in the RSA key exchange to recover the session key and decrypt the communication.

15. DragonBlood

TLS Versions Affected: WPA3 handshake in Wi-Fi networks (not directly TLS, but related)

Technical Details:

  • DragonBlood attacks the WPA3 protocol’s Dragonfly handshake, which is used to secure Wi-Fi networks.
  • Exploits involve side-channel attacks on the password-authenticated key exchange.

16. SWEET32 (Birthday Attacks on 3DES)

TLS Versions Affected: TLS and SSL using 3DES cipher suites

Technical Details:

  • SWEET32 is associated with the use of 3DES (Triple DES) cipher suites in TLS and SSL protocols.
  • Exploits involve birthday-bound collisions in the 64-bit block cipher, potentially leading to the interception of sensitive data.

17. CacheBleed

TLS Versions Affected: Intel CPUs with Hyper-Threading

Technical Details:

  • CacheBleed is a side-channel attack that targets Intel CPUs with Hyper-Threading.
  • It exploits the sharing of cache resources between hyper-threading siblings to leak sensitive information.

18. Zombie POODLE

TLS Versions Affected: TLS 1.2 with CBC-mode ciphers

Technical Details:

  • Zombie POODLE is a variant of the original POODLE attack and affects TLS 1.2 with CBC-mode ciphers.
  • It exploits padding oracle vulnerabilities to decrypt parts of the communication.

19. SLOTH (Cryptanalysis of Transport Layer Security)

TLS Versions Affected: TLS using weak hash functions (SHA-1 or MD5)

Technical Details:

  • SLOTH targets the use of weak hash functions (SHA-1 or MD5) in the transcript hash of the TLS protocol.
  • The attack exploits weaknesses in the hash function, leading to security losses.

20. CVE-2021-3449 (Cipher downgrade attack on TLS)

TLS Versions Affected: OpenSSL (various versions)

Technical Details:

  • This vulnerability in OpenSSL allows an attacker to force the usage of weak cipher suites, potentially leading to security issues.
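Most of the findings above reduce to what a server actually negotiates: the protocol version, the cipher suite and whether compression is on. As an added example that is not part of the original article, the following Python script parses a TLS ServerHello record (RFC 5246 layout, plus the TLS 1.3 supported_versions extension from RFC 8446, where the real version is carried) and flags the legacy choices the list describes: SSL 3.0 / TLS 1.0 / TLS 1.1, 3DES, export-grade and static-RSA suites, CBC mode, and TLS-level compression. The sample records are constructed inside the script, the cipher-suite table is a small subset of the IANA registry, and the `assess` findings are the author's own mapping to the attack names above; DROWN (SSLv2 uses a different record format) and implementation bugs such as Heartbleed cannot be seen in a ServerHello and are out of scope.

```python
"""Added example: classify a TLS ServerHello against the legacy protocol and
cipher choices the attacks above depend on. Sample records are constructed
below (not captured traffic); layouts follow RFC 5246 / RFC 8446."""
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

# Subset of IANA cipher-suite codes with the properties the findings key on.
CIPHER_SUITES = {
    0x0003: ("TLS_RSA_EXPORT_WITH_RC4_40_MD5", {"export", "rsa-kex"}),
    0x0014: ("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", {"export", "cbc"}),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", {"3des", "rsa-kex", "cbc"}),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", {"rsa-kex", "cbc"}),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", {"rsa-kex"}),
    0xC012: ("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", {"3des", "cbc"}),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", {"cbc"}),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", set()),
    0x1301: ("TLS_AES_128_GCM_SHA256", set()),
}
EXT_SUPPORTED_VERSIONS = 0x002B


def _u16(buf, pos):
    """Big-endian uint16 with a bounds check (malformed input -> ValueError)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated field at offset %d" % pos)
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def parse_server_hello(record):
    """Parse one handshake record carrying a ServerHello and return the
    negotiated version, cipher suite and compression method."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = _u16(record, 3)
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4 or body[0] != 0x02:
        raise ValueError("record does not carry a complete ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 0
    version = _u16(hello, pos); pos += 2       # legacy_version
    pos += 32                                   # server random
    if pos >= len(hello):
        raise ValueError("truncated ServerHello")
    pos += 1 + hello[pos]                       # session_id (length-prefixed)
    cipher = _u16(hello, pos); pos += 2
    if pos >= len(hello):
        raise ValueError("truncated ServerHello")
    compression = hello[pos]; pos += 1          # 0 = null, 1 = DEFLATE
    if pos < len(hello):                        # optional extensions block
        end = pos + 2 + _u16(hello, pos); pos += 2
        while pos + 4 <= end:
            etype, elen = _u16(hello, pos), _u16(hello, pos + 2); pos += 4
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
                version = _u16(hello, pos)      # TLS 1.3 puts the real version here
            pos += elen
    return {"version": version, "cipher_suite": cipher, "compression": compression}


def assess(hello):
    """Map the negotiated parameters to the attack classes listed above."""
    v, findings = hello["version"], []
    name, flags = CIPHER_SUITES.get(
        hello["cipher_suite"], ("unknown suite 0x%04x" % hello["cipher_suite"], set()))
    if v == 0x0300:
        findings.append("SSL 3.0 negotiated (POODLE): disable SSLv3")
    elif v < 0x0303:
        findings.append("%s negotiated (BEAST/Lucky13 era): set minimum version to TLS 1.2"
                        % VERSIONS.get(v, "0x%04x" % v))
    if "3des" in flags:
        findings.append("%s: 64-bit block cipher (Sweet32)" % name)
    if "export" in flags:
        findings.append("%s: export-grade suite (FREAK/Logjam)" % name)
    if "rsa-kex" in flags:
        findings.append("%s: static RSA key exchange (ROBOT-style padding oracle)" % name)
    if "cbc" in flags:
        findings.append("%s: CBC mode (Lucky13 / Zombie POODLE class)" % name)
    if hello["compression"] != 0:
        findings.append("TLS-level compression enabled (CRIME)")
    return findings


def build_server_hello(version, cipher, compression=0, selected_version=None):
    """Constructed test-vector generator producing the wire layout parsed above."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session_id
    hello += struct.pack("!HB", cipher, compression)
    if selected_version is not None:                           # TLS 1.3 supported_versions
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected_version)
        hello += struct.pack("!H", len(ext)) + ext
    body = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", min(version, 0x0303), len(body)) + body


# Constructed samples: a legacy SSL 3.0 + 3DES server, a TLS 1.0 server with
# compression on, and a TLS 1.3 server (legacy_version 0x0303 + supported_versions).
LEGACY = build_server_hello(0x0300, 0x000A)
COMPRESSED = build_server_hello(0x0301, 0x002F, compression=1)
MODERN = build_server_hello(0x0303, 0x1301, selected_version=0x0304)

if __name__ == "__main__":
    for label, rec in (("legacy", LEGACY), ("compressed", COMPRESSED), ("modern", MODERN)):
        h = parse_server_hello(rec)
        print(label, VERSIONS.get(h["version"]), assess(h) or ["no findings"])
```

The same `parse_server_hello` / `assess` pair can be fed the first server-side handshake record from a packet capture of an internal service; anything it flags maps directly to the upgrade guidance at the top of this article, while an empty result for a TLS 1.3 negotiation is what a fully remediated host looks like.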