DTLS: Deprecated DTLSv1.0 Detection

2024-01-0900:00:00

plugins.openvas.org

ssl and tls

freak

factoring attack on rsa-export keys padding oracle

eavesdrop

cryptographic flaws

security updates

encrypted communication

rfc8996

rfc7457

mitigation.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

High

EPSS

0.948

Percentile

99.3%

JSON

It was possible to detect the usage of the deprecated DTLSv1.0
protocol on this system.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.102092");
  script_version("2024-01-29T05:05:18+0000");
  script_tag(name:"last_modification", value:"2024-01-29 05:05:18 +0000 (Mon, 29 Jan 2024)");
  script_tag(name:"creation_date", value:"2024-01-09 10:20:29 +0000 (Tue, 09 Jan 2024)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_cve_id("CVE-2015-0204");

  script_tag(name:"qod_type", value:"remote_app");

  script_tag(name:"solution_type", value:"Mitigation");

  script_name("DTLS: Deprecated DTLSv1.0 Detection");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SSL and TLS");
  script_dependencies("gb_dtls_detect.nasl");
  script_mandatory_keys("dtls/detected");

  script_tag(name:"summary", value:"It was possible to detect the usage of the deprecated DTLSv1.0
  protocol on this system.");

  script_tag(name:"vuldetect", value:"Check the used DTLS protocols of the services provided by this
  system.");

  script_tag(name:"insight", value:"The DTLSv1.0 protocol contains known cryptographic
  flaws like:

  - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
  Encryption (FREAK)

  Note: Unlike for TLS there was now DTLSv1.1 protocol version and thus this VT isn't testing for
  this version.");

  script_tag(name:"impact", value:"An attacker might be able to use the known cryptographic flaws
  to eavesdrop the connection between clients and the service to get access to sensitive data
  transferred within the secured connection.

  Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
  anymore.");

  script_tag(name:"affected", value:"All services providing an encrypted communication using the
  DTLSv1.0 protocol.");

  script_tag(name:"solution", value:"It is recommended to disable the deprecated DTLSv1.0
  protocol in favor of the DTLSv1.2+ protocols. Please see the references for more
  information.");

  script_xref(name:"URL", value:"https://datatracker.ietf.org/doc/html/rfc8996");
  script_xref(name:"URL", value:"https://datatracker.ietf.org/doc/html/rfc7457");

  exit(0);
}

include("dtls_func.inc");
include("port_service_func.inc");
include("host_details.inc");

if( ! port = service_get_port( nodefault:TRUE, ipproto:"udp", proto:"dtls" ) )
  exit( 0 );

if ( ! supported = get_kb_item( "dtls/" + port + "/supported" ) )
  exit( 0 );

if( "DTLSv1.0" >< supported ) {

  # Store link between this and gb_dtls_detect.nasl
  # nb: We don't use the host_details.inc functions in both so we need to call this directly.
  register_host_detail( name:"detected_by", value:"1.3.6.1.4.1.25623.1.0.145817" ); # gb_dtls_detect.nasl
  register_host_detail( name:"detected_at", value:port + "/udp" );

  security_message( port:port, data:"The service is providing the deprecated DTLSv1.0 protocol.", proto:"udp" );
  exit( 0 );
}

exit( 99 );