Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thin
Contributor
Jump to solution

Signature for CVE-2020-1968

Hello

Is it possible to have a signature for CVE-2020-1968 in Check Point IPS?

I think it cannot because Check Point cannot inspect a key between a connection.

If you have more information, please recommend me.

 

Thank you.

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

Are you sure you need it ? The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v) (From https://nvd.nist.gov/vuln/detail/CVE-2020-1968).

According to CP sk92447 Status of OpenSSL, GAiA uses at least version 1.1.0d.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

2 Replies
G_W_Albrecht
Legend Legend
Legend

Are you sure you need it ? The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v) (From https://nvd.nist.gov/vuln/detail/CVE-2020-1968).

According to CP sk92447 Status of OpenSSL, GAiA uses at least version 1.1.0d.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin

Given that a key is being reused across multiple connections, I don’t believe this is feasible to write a signature for.
However, that’s just my personal take.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events