Participant

Signature for CVE-2020-1968

Hello

Is it possible to have a signature for CVE-2020-1968 in Check Point IPS?

I think it cannot, because Check Point cannot inspect a key inside a connection.

If you have more information, please advise me.

Thank you.

Champion

Are you sure you need it? The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2, which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v) (From https://nvd.nist.gov/vuln/detail/CVE-2020-1968).

According to CP sk92447 Status of OpenSSL, GAiA uses at least version 1.1.0d.

Admin

Given that a key is being reused across multiple connections, I don’t believe this is feasible to write a signature for.
However, that’s just my personal take.
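Both replies turn on the same point: the vulnerable condition is a DH secret reused across connections, which no single-connection signature can see. As an added example that is not part of this thread or of any Check Point product, the Python below (assumed function names; constructed sample records, not real captures) parses the TLS 1.2 ServerKeyExchange of DHE handshakes and flags a server whose dh_Ys public value repeats between connections, the observable precondition for CVE-2020-1968. It applies only to DHE suites, matching the note above that ECDH suites are not affected.

```python
import struct
from collections import defaultdict
from typing import Optional

# Constructed sample parameters (not a real capture): a tiny modulus stands in
# for the 2048-bit group a real DHE server would send.
DH_P = (2 ** 127 - 1).to_bytes(16, "big")
DH_G = b"\x02"
SKE = 0x0C  # TLS handshake type ServerKeyExchange

def build_dhe_ske(ys: bytes) -> bytes:
    """Assumed helper: TLS 1.2 record carrying ServerKeyExchange{ServerDHParams}.
    The signature that follows the params is omitted; the check never reads it."""
    params = b"".join(struct.pack("!H", len(v)) + v for v in (DH_P, DH_G, ys))
    hs = bytes([SKE]) + len(params).to_bytes(3, "big") + params
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs  # type 22, TLS 1.2

def parse_dhe_ske(record: bytes) -> Optional[bytes]:
    """Return dh_Ys from a DHE ServerKeyExchange record, else None. The caller
    must already know from the ServerHello that the suite is DHE: an ECDHE
    ServerKeyExchange shares handshake type 12 but has a different layout."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != SKE:
        return None
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    fields, off = [], 0
    for _ in range(3):  # dh_p, dh_g, dh_Ys, each encoded as <len16><value>
        if off + 2 > len(body):
            return None
        n = struct.unpack("!H", body[off:off + 2])[0]
        value = body[off + 2:off + 2 + n]
        if len(value) != n:  # truncated record
            return None
        fields.append(value)
        off += 2 + n
    return fields[2]

def find_dh_reuse(handshakes):
    """handshakes: iterable of (server, record). Returns {server: [dh_Ys, ...]}
    for every server that sent the same dh_Ys in more than one connection."""
    seen = defaultdict(list)
    for server, record in handshakes:
        ys = parse_dhe_ske(record)
        if ys is not None:
            seen[server].append(ys)
    return {s: v for s, v in seen.items() if len(v) != len(set(v))}

# Constructed handshakes: "static.example" repeats its DH public value,
# "fresh.example" sends a new one per connection as a correct server does.
SAMPLE = [
    ("static.example", build_dhe_ske(b"\x11" * 16)),
    ("static.example", build_dhe_ske(b"\x11" * 16)),
    ("fresh.example", build_dhe_ske(b"\x22" * 16)),
    ("fresh.example", build_dhe_ske(b"\x33" * 16)),
]

if __name__ == "__main__":
    for server, values in find_dh_reuse(SAMPLE).items():
        print(f"{server}: dh_Ys repeated across {len(values)} connections")
```

In a real deployment the records would come from captured handshakes and the reuse state would have to persist across connections, which is why this is a cross-connection check rather than a per-packet signature.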