This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Thin
Contributor
‎2020-09-10 04:55 AM
Jump to solution

Signature for CVE-2020-1968

Hello

Is it possible to have a signature for CVE-2020-1968 in Check Point IPS?

I think it cannot because Check Point cannot inspect a key between a connection.

If you have more information, please recommend me.

 

Thank you.

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2020-09-10 07:42 AM
Jump to solution

Are you sure you need it ? The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v) (From https://nvd.nist.gov/vuln/detail/CVE-2020-1968).

According to CP sk92447 Status of OpenSSL, GAiA uses at least version 1.1.0d.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

2 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-09-10 07:42 AM
Jump to solution

Are you sure you need it ? The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v) (From https://nvd.nist.gov/vuln/detail/CVE-2020-1968).

According to CP sk92447 Status of OpenSSL, GAiA uses at least version 1.1.0d.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin
‎2020-09-12 03:05 PM
Jump to solution

Given that a key is being reused across multiple connections, I don’t believe this is feasible to write a signature for.
However, that’s just my personal take.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top