SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish

SUMMARY

Symantec Network ProtectionSy products that use the DES, 3DES, and Blowfish symmetric encryption ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are susceptible to the Sweet32 birthday attack. A remote attacker with the ability to observe a long-lived encrypted connection can obtain plaintext, such as authentication credentials, without knowing the secret encryption key.

AFFECTED PRODUCTS

The following products are vulnerable for the interfaces listed:

Advanced Secure Gateway (ASG)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 7.1 and later (SSH management console, HTTPS management console, SSL forward proxy, SSL reverse proxy, SSL device profiles) | See Mitigation section for instructions to disable the vulnerable ciphers for all interfaces.
6.7 (SSH management console, HTTPS management console, SSL forward proxy, SSL reverse proxy, SSL device profiles, SSL connections to Symantec, MAA, and Lastline) | A fix for connections to Symantec, MA, and Lastline is available in 6.7.4.9. See Mitigation section for instructions to disable vulnerable ciphers for other interfaces.
6.6 (SSH management console, HTTPS management console, SSL forward proxy, SSL reverse proxy, SSL device profiles, SSL connections to Symantec, MAA, and Lastline) | A fix for connections to Symantec, MA, and Lastline will not be provided. Upgrade to later release with fixes. See Mitigation section for instructions to disable vulnerable ciphers for other interfaces.

BCAAA

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 6.1 (LDAPS connections for Novell SSO realm authentication) | A fix will not be provided. An updated Novell SSO SDK is no longer available. Please, contact Novell for more information.

CacheFlow

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 3.4 (SSH management console, HTTPS management console, SSL device profiles) | Upgrade to 3.4.2.9 for fixes for the SSH management console. See Mitigation section for instructions to disable vulnerable ciphers in remaining interfaces.

Client Connector

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 1.6 (SSL connections to WSS). The connections are short-lived and do not contain sufficient amount of encrypted plaintext to exploit this vulnerability. | Upgrade to latest release of Unified Agent with fixes. See Mitigation section for instructions to disable vulnerable ciphers for Client Connector for Windows.

Cloud Data Protection (CDP) for Salesforce

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | All versions (all SSL interfaces) | See Mitigation section for instructions to disable vulnerable ciphers for all SSL interfaces.

Cloud Data Protection (CDP) for Salesforce Analytics

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | All versions (all SSL interfaces) | See Mitigation section for instructions to disable vulnerable ciphers for all SSL interfaces.

Cloud Data Protection (CDP) for ServiceNow

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | All versions (all SSL interfaces) | See Mitigation section for instructions to disable vulnerable ciphers for all SSL interfaces.

Cloud Data Protection (CDP) Communication Server

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | All versions (all SSL interfaces) | See Mitigation section for instructions to disable vulnerable ciphers for all SSL interfaces.

Cloud Data Protection (CDP) Integration Server

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | All versions (all SSL interfaces) | See Mitigation section for instructions to disable vulnerable ciphers for all SSL interfaces.

Cloud Data Protection (CDP) Policy Builder

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | All versions (all SSL interfaces) | See Mitigation section for instructions to disable vulnerable ciphers for all SSL interfaces.

Content Analysis System (CAS)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 2.4 and later | Not vulnerable, fixed in 2.4.1.1.
2.3 (SSL connections to Symantec, MAA, Lastline, secure ICAP server) | A fix for connections to Symantec, MA, and Lastline will not be provided. Update to later release with fixes. See Mitigation section for instructions to disable vulnerable ciphers for secure ICAP server.
2.2 (SSL connections to Symantec, MAA, Lastline, secure ICAP server) | A fix for connections to Symantec, MA, and Lastline will not be provided. Update to later release with fixes. See Mitigation section for instructions to disable vulnerable ciphers for secure ICAP server.
2.1 (SSL connections to Symantec, MAA, Lastline, secure ICAP server) | A fix for connections to Symantec, MA, and Lastline will not be provided. Update to later release with fixes. See Mitigation section for instructions to disable vulnerable ciphers for secure ICAP server.
1.3 (HTTPS management console, SSH management CLI, secure ICAP server, SSH connections to FireEye AX, SFTP connections to Reporter, LDAPS connections, SSL connections to Symantec, MAA, and Lastline. | A fix will not be provided. Update to later release with fixes. See Mitigation section for instructions to disable vulnerable ciphers for secure ICAP server. Upgrade to later release for fixes for remaining interfaces.

Director

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 6.1 (SSH CLI, SSH connections to ProxySG and other Director appliances, SSL connections to Symantec, software update downloads) | Upgrade to a version of MC with the fixes.

IntelligenceCenter (IC)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 3.3 (web UI, SSL connections from and to IntelligenceCenter Data Collector, and SSL connections to PacketShaper) | Upgrade to a version of NetDialog NetX with fixes.

IntelligenceCenter Data Collector

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 3.3 (web UI, SSL connections from and to IntelligenceCenter, and SSL connections to PacketShaper) | Upgrade to a version of NetDialog NetX with fixes.

Mail Threat Defense (MTD)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 1.1 (HTTPS management console, SSH management CLI, SSH connections to FireEye AX, SFTP connections to Reporter, LDAPS connections, SSL connections to Symantec, MAA, and Lastline) | Upgrade to a version of CAS and SMG with the fixes.

Malware Analysis Appliance (MAA)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 4.2 (management CLI, SSL connections to Symantec) | Upgrade to 4.2.11 for fixes for management CLI. Upgrade to a version of Content Analysis with a fix for SSL connections to Symantec.

Management Center (MC)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 1.10 and later | Not vulnerable, fixed in 1.10.1.1
1.9 (SSL connections to Symantec) | Upgrade to later release with fixes.
1.7, 1.8 (management CLI, SSH failover connections, SSL connections to Symantec) | Upgrade to later release with fixes.

Norman Shark Industrial Control System Protection (ICSP)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 5.3 (management CLI, web UI) | See Mitigation section for instructions to disable vulnerable ciphers.

Norman Shark Network Protection (NNP)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 5.3 (management CLI, web UI) | See Mitigation section for instructions to disable vulnerable ciphers.

Norman Shark SCADA Protection (NSP)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 5.3 (management CLI, web UI) | See Mitigation section for instructions to disable vulnerable ciphers.

PacketShaper (PS)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 9.2 (management CLI, all SSL interfaces) | Upgrade to 9.2.13p2. 3DES support for LDAPS connections is required by the Oracle Directory Server.

PacketShaper (PS) S-Series

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 11.8 and later (web UI, SSL connections to Symantec, LDAPS connections to PolicyCenter S-Series) | See Mitigation section for instructions to disable vulnerable ciphers for web UI. A fix for the remaining interfaces will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes.
11.5, 11.6, 11.7 (web UI, management CLI, SSL connections to Symantec, LDAPS connections to PolicyCenter S-Series) | See Mitigation section for instructions to disable vulnerable ciphers for web UI. A fix for the remaining interfaces will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes.

PolicyCenter (PC)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 9.2 (management CLI, all SSL interfaces) | Upgrade to 9.2.13p2. 3DES support for LDAPS connections is required by the Oracle Directory Server.

PolicyCenter (PC) S-Series

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 1.1 (web UI, management CLI, SSL connections to Symantec, LDAPS server) | Upgrade to 1.1.2.2 for fix for the LDAPS server. See Mitigation section for instructions to disable vulnerable ciphers for web UI. A fix for the remaining interfaces will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes.

ProxyAV

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 3.5 (HTTPS management console, secure ICAP server, SSL clients connections) | See Mitigation section for instructions to disable vulnerable ciphers.

ProxyClient

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 3.4 (SSL connections to ProxySG). The connections are short-lived and do not contain sufficient amount of encrypted plaintext to exploit this vulnerability. | Upgrade to latest release of Unified Agent with fixes. See Mitigation section for instructions to disable vulnerable ciphers for ProxyClient for Windows.

ProxySG

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 6.7 and later (SSH management console, HTTPS management console, SSL forward proxy, SSL reverse proxy, SSL device profiles) | See Mitigation section for instructions to disable vulnerable ciphers for all interfaces.
6.6 (SSH management console, HTTPS management console, SSL forward proxy, SSL reverse proxy, SSL device profiles) | Upgrade to later release with fixes. See Mitigation section for instructions to disable vulnerable ciphers for all interfaces.
6.5 (SSH management console, HTTPS management console, SSL forward proxy, SSL reverse proxy, SSL device profiles) | Upgrade to later release with fixes. See Mitigation section for instructions to disable vulnerable ciphers for all interfaces.

Reporter

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 10.5, 10.6 (LDAPS client connections) | Not available at this time
10.2, 10.3, 10.4 (LDAPS client connections) | Upgrade to later releases with fixes.
10.1 (HTTPS management console, SSH management CLI, FTPS server, LDAPS client connections, SSL connections to Symantec) | Upgrade to 10.1.5.4 for a fix for SSH management CLI and SSL connections to Symantec. A fix for remaining interfaces will not be provided. Upgrade to later releases with fixes.
9.5 (HTTPS management console, LDAPS client connections) | Upgrade to 9.5.3.5 for fix for HTTPS management console. A fix for LDAPS client connections will not be provided. Upgrade to later releases with fixes. See Mitigation section for instructions to disable vulnerable ciphers.

Security Analytics

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 7.2 (LCS server, email alerts, BCWF database downloads, and data enrichment connections to WRS, FRS, VirusTotal, SANS ISC IP, and Google Safe Browsing) | Upgrade to later release with fixes.
7.3 (LCS server, syslog connections, email alerts, BCWF database downloads, and data enrichment connections to WRS) | Upgrade to later release with fixes.
7.3 (data enrichment connections to FRS, VirusTotal, SANS ISC IP, and Google Safe Browsing) | Upgrade to 7.3.2.
8.0 (LCS server, syslog connections, email alerts, Splunk Phantom alerts, ICDx alerts, BCWF database downloads, and data enrichment connections to WRS and Content Analysis) | Upgrade to later release with fixes.
8.1, 8.2 (LCS server, syslog connections, email alerts, Splunk Phantom alerts, ICDx alerts, BCWF database downloads, and data enrichment connections to WRS and Content Analysis) | Not available at this time.

SSL Visibility (SSLV)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 4.1 and later | Not vulnerable, fixed in 4.1.1.1.
4.0 (SMTP alerts, Host Categorization database downloads) | Upgrade to later release with fixes.
3.12 | Not vulnerable, fixed in 3.12.1.1.
3.11 (Host Categorization database downloads) | Upgrade to 3.11.4.1.
3.10 (SMTP alerts, Host Categorization database downloads) | Upgrade to 3.10.2.2 for a fix for SMTP alerts. Fix for Host Categorization database download not available at this time.
3.9 (SMTP alerts, Host Categorization database downloads) | Upgrade to 3.9.7.1 for a fix for SMTP alerts. Upgrade to later release for a fix for Host Categorization database downloads.
3.8.4FC (SMTP alerts, Host Categorization database downloads) | Upgrade to later releases with fixes.

Unified Agent (UA)

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 4.8 and later | Not vulnerable, fixed in 4.8.0
4.1, 4.6, 4.7 (connections to ProxySG, WSS) | Upgrade to later release with fixes.

X-Series XOS

CVE |Affected Version(s)|Remediation
CVE-2016-2183 | 9.7, 10.0, 11.0 (web UI, CLI) | A fix will not be provided.

ADDITIONAL PRODUCT INFORMATION

The Symantec HSM Agent for the Luna SP is not vulnerable to Sweet32, but the underlying Apache Tomcat server on the SafeNet LunaSP3 may be vulnerable. Customers should contact SafeNet for more information about Sweet32.

The following products are not vulnerable:
Android Mobile Agent
AuthConnector
Cloud Data Protection for Oracle Sales Cloud
General Auth Connector Login Application
K9
ProxyAV ConLog and ConLogXP ****Symantec HSM Agent for the Luna SP ********Unified Agent
Web Isolation
****WSS Agent

Symantec no longer provides vulnerability information for the following products:

Blue Coat DLP
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.

ISSUES

Symantec products that support DES, 3DES, or Blowfish block symmetric encryption ciphers in long-lived SSL/TLS, SSH, and VPN connections are vulnerable to the Sweet32 birthday attack. CVE-2016-6329 identifies the Sweet32 attack against OpenVPN implementations that use the Blowfish cipher. CVE-2016-2183 identifies the Sweet32 attack against SSL/TLS, SSH, and other VPN implementations that use the DES and 3DES ciphers.

Block symmetric encryption ciphers have a limit on the number of blocks of plaintext that can be securely encrypted with the same key. This limit stems from the “birthday paradox” and is known as the birthday bound. The birthday bound depends on the cipher block size and is 2N/2 blocks for a cipher with block size N and a cipher mode such as CBC. If two communicating parties encrypt plaintext with the same key and reach the birthday bound, there is a significant probability for ciphertext collisions, where two different plaintexts are encrypted to the same ciphertext. When the CBC block cipher mode is used, each ciphertext collision reveals the XOR of the two plaintexts that were encrypted.

The DES, 3DES, and Blowfish encryption ciphers use block size of 64 bits. It is sufficient to encrypt 32GB of plaintext with the same key to reach the birthday bound. The SSL/TLS, SSH, and VPN protocols support encryption with 64-bit block ciphers in CBC mode and do not renegotiate encryption keys within the same secure session. If two communicating parties exchange a sufficient amount of data over a long-lived SSL/TLS, SSH, or VPN session, a man-in-the-middle (MITM) attacker can obtain XORs of pairs of plaintext. If the attacker can control or guess one of the plaintexts, they can obtain the other plaintext without knowing the secret encryption key.

CVE-2016-2183

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) References| SecurityFocus: BID / NVD: CVE-2016-2183 Impact | Information disclosure

CVE-2016-6329

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) References| SecurityFocus: BID / NVD: CVE-2016-6329 Impact | Information disclosure

MITIGATION

Symantec’s ProxySG appliance can be used to prevent attacks using CVE-2016-2183. Customers using ProxySG as a forward proxy can protect SSL clients and servers by blocking in policy SSL flows that use 3DES cipher suites. ProxySG 6.5 and 6.6 customers can use the following CPL syntax:

<SSL>
client.connection.negotiated_cipher=list-of_DES_and_DES-CBC3_ciphers deny
<SSL>
server.connection.negotiated_cipher=list_of_DES_and_DES-CBC3_ciphers deny

Symantec’s SSLV appliance can also be used to prevent attacks using CVE-2016-2183. Customers using SSLV in inline deployments can protect SSL clients and servers by blocking in policy SSL flows that use 3DES cipher suites. SSLV 3.x customers can use the following configuration steps:

1. Open the Policies > Cipher Suites Lists web UI page and create a new cipher suites list.
2. Select the new cipher suites list and use the Add button in the Cipher Suites panel repeatedly to add all DES and 3DES cipher suites to the list. The cipher suites have the strings “DES” and "3DES" in their names.
3. In the Policies > Rulesets web UI page, select the desired ruleset and add a "Drop" or "Reject" rule using the new cipher suites list. If necessary, re-order the rules in the ruleset to ensure that the new rule has the correct priority.

CacheFlow
CVE-2016-2183 can be remediated on CacheFlow by ensuring that 3DES cipher suites are disabled for the HTTPS management console and all SSL device profiles. Customers should use the following steps in configuration mode to disables all 3DES cipher suites:

#(config) management-services
#(config management-services) edit HTTPS-Console
#(config HTTPS-Console) attribute cipher-suite _list_excluding_DES_and_DES-CBC3_cipher_suites_
#(config HTTPS-Console) exit
#(config management-services) exit
#(config) ssl
#(config ssl) edit ssl-device-profile _profile_name_
#(config device-profile _profile_name_) cipher-suite _list_excluding_DES_and_DES-CBC3_cipher_suites_
#(config device-profile _profile_name_) exit
#(config ssl) exit

There are not mitigations available for SSH management console.

Client Connector
CVE-2016-2183 can be remediated on Client Connector for Windows by disabling 3DES cipher suites for SSL client connections. Customers can use the “Local Computer Policy/Computer Configuration/Administrative Templates/Network/SSL Configuration Settings/SSL Cipher Suite Order” setting in the Windows Local Group Policy Editor (gpedit.msc) to disable 3DES cipher suites.

Cloud Data Protection (CDP)
CVE-2016-2183 can be remediated on CDP by disabling 3DES cipher suites for all SSL interfaces. Customers can add the “DESede” algorithm name to the jdk.tls.disabledAlgorithms JVM property for all CDP components.

Content Analysis System (CAS)
CVE-2016-2183 can be remediated on CAS by disabling 3DES cipher suites for the secure ICAP server. To view the enabled SSL cipher suites, access the CAS management console and navigate to the “Settings > ICAP” page. Deselect all DES-CBC3 cipher suites under “Cipher Selection” and save the changes.

Norman Shark Industrial Control System Protection (ICSP)
Norman Shark Network Protection (NNP)
Norman Shark SCADA Protection (NSP)
CVE-2016-2183 can be remediated on ICSP, NNP, and NSP by disabling 3DES and Blowfish for the web UI and CLI. Customers should remove DES-CBC3-SHA from the ssl_ciphers list in the nginx web server configuration file, add the following line to the SSH daemon configuration file:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr

and reboot the system.

PacketShaper (PS) S-Series
CVE-2016-2183 can be remediated on PacketShaper S-Series by disabling 3DES for the web UI. Customers should use the following CLI command:

sys set useStrongCiphers 1

PolicyCenter (PC) S-Series
CVE-2016-2183 can be remediated on PolicyCenter S-Series by disabling 3DES for the web UI. Customers should use the following CLI command:

pc setup ssl strength strong

ProxyAV
CVE-2016-2183 can be remediated on ProxyAV by disabling 3DES cipher suites for SSL clients, the management console and the secure ICAP server. To view the enabled SSL cipher suites, access the ProxyAV management console. Navigate to “Advanced/SSL Client” for the SSL client settings, “Network/Ciphers suite lists for HTTPS administration” for the management console settings and “ICAP Settings” for the secure ICAP server settings. Deselect all DES-CBC3 cipher suites and save the changes on each of these pages.

ProxyClient
CVE-2016-2183 can be remediated on ProxyClient for Windows by disabling 3DES cipher suites for SSL client connections. Customers can use the “Local Computer Policy/Computer Configuration/Administrative Templates/Network/SSL Configuration Settings/SSL Cipher Suite Order” setting in the Windows Local Group Policy Editor (gpedit.msc) to disable 3DES cipher suites.

Advanced Secure Gateway (ASG)
ProxySG
CVE-2016-2183 can be remediated for the SSH management console, HTTPS management console, SSL reverse proxy, and SSL device profiles on ASG and ProxySG by disabling Blowfish, DES, and 3DES ciphers. Customers can use the following CLI commands in configuration mode:

#(config) ssh-console
#(config ssh-console) ciphers remove 3des-cbc
#(config ssh-console) ciphers remove blowfish-cbc
#(config ssh-console) exit
#(config) management-services
#(config management-services) edit HTTPS-Console
#(config HTTPS-Console) attribute cipher-suite
_<select_list_excluding_DES_and_DES-CBC3_cipher_suites>_
#(config HTTPS-Console) exit
#(config management-services) exit
#(config) proxy-services
#(config proxy-services) edit _service_name_
#(config _service_name_) attribute cipher-suite
_<select_list_excluding_DES_and_DES-CBC3_cipher_suites>_
#(config _service_name_) exit
#(config proxy-services) exit
#(config) ssl
#(config ssl) edit ssl-device-profile _profile_name_
#(config device-profile _profile_name_) cipher-suite
_<select_list_excluding_DES_and_DES-CBC3_cipher_suites>_
#(config device-profile _profile_name_) exit
#(config ssl) exit

DES and 3DES cipher suites cannot be disabled for the SSL forward proxy. ProxySG 6.5 and 6.6 customers can use the following CPL syntax in policy to block intercepted SSL flows that use DES and 3DES cipher suites:

<SSL>
client.connection.negotiated_cipher=_list_of_DES_and_DES-CBC3_cipher_suites_ deny
<SSL>
server.connection.negotiated_cipher=_list_of_DES_and_DES-CBC3_cipher_suites_ deny

Reporter
CVE-2016-2183 can be remediated on Reporter by disabling 3DES for the HTTPS management console and LDAPS client connections. Customers can add the following cipher_list line to preferences.cfg to disable 3DES cipher suites for the HTTPS management console:

protocols = {
  http = {
    ssl = {
      ...
      cipher_list="!DES:!3DES"
      ...
    } # ssl
  } # http
}

Reporter 9.x customers can edit settings/preferences.cfg directly in the Reporter 9.x installation directory. Reporter 10.1 customers can edit preferences.cfg using the CLI:

Reporter> enable
Admin password:
Reporter# stop-reporter
Are you sure you want to stop Reporter (this could take several minutes - or more)? [y/N] y
..............................bcreporter stop/waiting
Reporter# configure edit preferences.cfg
<edit preferences.cfg in text editor>
"settings/preferences.cfg" 193 lines, 4960 characters written
Changes to preferences.cfg:
32a33
>         cipher_list = "!DES:!3DES"
Reporter# configure commit preferences.cfg
Reporter# start-reporter
Starting Reporter will discard any uncommitted configuration file changes you have made.
Are you sure you want to start Reporter? [y/N] y
Reporter starting..........

Reporter 9.x for Windows uses the Windows LDAP API for LDAPS client connections. Customers can ensure that DES and 3DES cipher suites are disabled for the Microsoft Schannel Provider. There is no workaround to disable 3DES cipher suites for LDAPS client connections in Reporter 10.x.

Unified Agent
CVE-2016-2183 can be remediated on Unified Agent for Windows by disabling DES and 3DES cipher suites for SSL client connections. Customers can use the “Local Computer Policy/Computer Configuration/Administrative Templates/Network/SSL Configuration Settings/SSL Cipher Suite Order” setting in the Windows Local Group Policy Editor (gpedit.msc) to disable DES and 3DES cipher suites.

REFERENCES

Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN - https://sweet32.info

REVISION

2021-08-27 Unified Agent is not vulnerable.
2021-08-18 WSS Agent is not vulnerable.
2021-07-13 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-02-17 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-11-16 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-06-03 Security Analytics 7.2, 7.3, 8.0, and 8.1 are vulnerable.
2020-04-30 Fixes for ProxySG 6.5 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-04-27 ASG 7.1 and later may enable vulnerable ciphers for the SSH management console, HTTPS management console, SSL forward proxy, SSL reverse proxy, and SSL device profiles. See Mitigation section for instructions to disable the vulnerable ciphers for all interfaces. Reporter 10.5 enables 3DES for LDAPS client connections. A fix will not be provided for Reporter 10.3. Please upgrade to a later version with the vulnerability fixes.
2020-04-04 A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Please switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Please switch to a version of NetXplorer with the vulnerability fixes.
2020-01-19 A fix for SSL connectios to Symantec will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes.
2019-10-03 Web Isolation is not vulnerable.
2019-09-27 A fix for ASG 6.7 is available in 6.7.4.9. CA 2.4 is not vulnerable because a fix is available in 2.4.1.1.
2019-08-24 Reporter 10.3 and 10.4 enable 3DES for LDAPS client connections.
2019-08-20 A fix for IntelligenceCenter (IC) 3.3 and IntelligenceCenter Data Collector (DC) 3.3 will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fixes.
2019-08-08 A fix for Reporter 9.5 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-08-07 A fix for ASG 6.6 and ProxySG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-01-11 A fix for connections to Symantec MA, and Lastline will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-07-28 A fix for MA 4.2 management CLI is available in 4.2.11.
2018-07-23 A fix to disable 3DES for the SSH management console in CacheFlow is available in 3.4.2.9.
2018-04-22 Reporter 10.2 enables 3DES for LDAPS client connections.
2018-04-06 A fix to disable 3DES for SMTP alerts in SSLV 3.9 is available in 3.9.7.1.
2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-16 A fix for SSLV 3.9 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-15 SSLV 3.12 is not vulnerable because a fix is available in 3.12.1.1.
2017-11-13 PS S-Series 11.8 and 11.9 enable 3DES for SSL connections to Blue Coat and LDAPS connections to PolicyCenter S-Series. 3DES cannot be disabled for those interfaces. PS S-Series 11.8 and 11.9 disable 3DES by default for the web UI. See Workarounds section for instructions to ensure that 3DES is disabled for the web UI.
2017-11-08 CAS 2.2 enables 3DES for SSL connections to Blue Coat, Malware Analysis, and Lastline. It disables 3DES by default for the secure ICAP server.
2017-11-06 ASG 6.7 disables 3DES and Blowfish by default for the SSH management console. It also disables 3DES by default for the HTTPS management console, SSL reverse proxy, and SSL device profiles. ASG 6.7 also enables DES and 3DES by default for the SSL forward proxy. See Workarounds section for instructions to disable the insecure ciphers for these interfaces. ASG 6.7 also enables 3DES by default for connections to Blue Coat, Malware Analysis, and Lastline. 3DES cannot be disabled.
2017-08-03 SSLV 4.1 is not vulnerable because a fix is available in 4.1.1.1.
2017-07-27 3DES is disabled for the Reporter 9.5 HTTPS management console in 9.5.3.5.
2017-07-23 MC 1.10 is not vulnerable because a fix is available in 1.10.1.1. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-07-18 Reporter 10.1 also enables 3DES for the FTPS server. 3DES cannot be disabled.
2017-07-13 Reporter 9.4 and 9.5 enable 3DES for the HTTPS management console and LDAPS client connections. 3DES can be disabled for both interfaces. See Workarounds section for instructions. Reporter 10.1 enables 3DES for the HTTPS management console and LDAPS client connections. Reporter 10.1 prior to 10.1.5.4 also enables 3DES for the SSH management CLI and SSL connections to Blue Coat. 3DES cannot be disabled.
2017-07-10 A fix for SSLV 3.11 is available in 3.11.4.1.
2017-06-27 It was previously reported that SSLV 3.9 (3.9.7.1 and later), 3.10 (3.10.2.1 and later), 3.11, and 4.0 do not enable 3DES for Host Categorization database downloads. Further investigation indicates that SSLV 3.9, 3.10, 3.11, and 4.0 enable 3DES for Host Categorization.
2017-06-20 Added CVE-2016-6329 to Security Advisory.
2017-05-29 UA 4.8 is not vulnerable because a fix is available in 4.8.0.
2017-05-18 CAS 2.1 enables 3DES for SSL connections to Blue Coat, Malware Analysis, and Lastline. It disables 3DES by default for the secure ICAP server. CDP-SFDC 4.12, CDP-SNOW 4.12, CDP-COMMSVR 4.12, and CDP-INTSVR 4.12 disable 3DES by default for all SSL interfaces on newly initialized systems.
2017-03-30 MC 1.9 enables 3DES for SSL connections to Blue Coat.
2017-03-16 A fix for SSLV 3.10 is available in 3.10.2.1.
2017-03-08 ProxySG 6.7.1.1 disables 3DES and Blowfish by default for the SSH management console. It also disables 3DES by default for the HTTPS management console, HTTPS reverse proxy, and SSL device profiles. The algorithms are disabled only for newly initialized systems - see Workarounds section for instructions to ensure that 3DES and Blowfish are disabled after a software upgrade.
2017-03-08 MC 1.8 enables 3DES for the management CLI, SSH failover connections, and SSL connections to Blue Coat. SSLV 4.0 enables 3DES for SSL connections to Blue Coat. 3DES cannot be disabled.
2017-01-13 A fix in SSLV 3.9 is available in 3.9.7.1.
2016-12-23 SSLV 3.11 is not vulnerable because the fixes are available in 3.11.1.1.
2016-12-22 initial public release