DoS attack against Diffie-Hellman protocol (dheat-attack.com)
2 points by c0r0n3r on Oct 13, 2022 | 2 comments



Who is affected?

Websites, mail servers, and other Transport Layer Security (TLS) dependent services that support Diffie-Hellman key exchange using ephemeral keys (DHE cipher suites) are at risk of the DHEat attack. Services using other cryptographic protocols can also be affected.

* Secure Shell (SSH) services support Diffie-Hellman key exchange methods.
* Internet Protocol Security (IPsec) services offer DH groups.
* OpenVPN servers support Diffie-Hellman key exchange in the control channel (DHE TLS ciphers).

How bad is it?

The CVSS 3.1 base score of CVE-2002-20001 is 7.5, indicating high severity but not critical. However, it should be mentioned that a denial-of-service attack affects only availability. Still, confidentiality, integrity, and scope are not affected, and it cannot achieve a higher base score. However, an attacker can exploit the vulnerability and perform a denial-of-service attack with a low-bandwidth network connection without authentication, privilege, or user interaction. Along with the fact that this vulnerability cannot be fixed, as it exploits a particularity of the Diffie-Hellman key exchange algorithm, it can be mitigated in some ways.


The right URL is: https://dheatattack.com



