My Oracle Support Banner

CVE-2015-4000: Diffie-Hellman moduli less than or equal to 1024 bits security vulnerability (Doc ID 2798596.1)

Last updated on SEPTEMBER 27, 2021

Applies to:

Oracle VM - Version 3.4.6 and later
Linux x86-64

Goal

Remove the "Diffie-Hellman moduli less than or equal to 1024 bits" security vulnerability by Nessus for OVM 3.4.6-2622

Title:
Nessus 83875 SSL/TLS Diffie-Hellman Modulus <= 1024 Bits

Description:
issue: The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.
host: ovmm:7002
Solution
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Plugin Output
Vulnerable connection combinations :

SSL/TLS version : TLSv1.2
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.2
Cipher suite : TLS1_DHE_RSA_WITH_AES_128_CBC_SHA256
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

Reason for Change:
Nessus 83875

=========================

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman
moduli less than or equal to 1024 bits. Through cryptanalysis, a third party
may be able to find the shared secret in a short amount of time (depending on
modulus size and attacker resources). This may allow an attacker to recover
the plaintext or potentially violate the integrity of connections.
Solution
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or
greater.
See Also
https://weakdh.org/
Output
Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
Hosts
7002 / tcp / ldap
<ovmm hostname>.ie.oracle.com

Plugin Details

Severity:Low
ID:83875
Version:1.20
Type:remote
Family:Misc.
Published:May 28, 2015
Modified:November 15, 2018
Risk Information
Risk Factor: Low
CVSS v3.0 Base Score 3.7
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS Base Score: 2.6
CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:openssl:openssl
Vulnerability Pub Date: May 20, 2015
In the news: true
Reference Information
BID: 74733
CVE: CVE-2015-4000

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.