Script ssl-dh-params
Script types:
portrule
Categories:
vuln, safe
Download: https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse
Script Summary
Weak ephemeral Diffie-Hellman parameter detection for SSL/TLS services.
This script simulates SSL/TLS handshakes using ciphersuites that have ephemeral Diffie-Hellman as the key exchange algorithm.
Diffie-Hellman MODP group parameters are extracted and analyzed for vulnerability to Logjam (CVE 2015-4000) and other weaknesses.
Opportunistic STARTTLS sessions are established on services that support them.
Script Arguments
- tls.servername
See the documentation for the tls library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
- mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username
See the documentation for the mssql library.
- smtp.domain
See the documentation for the smtp library.
- randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.
- vulns.short, vulns.showall
See the documentation for the vulns library.
Example Usage
nmap --script ssl-dh-params <target>
Script Output
Host script results: | ssl-dh-params: | VULNERABLE: | Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) | State: VULNERABLE | IDs: BID:74733 CVE:CVE-2015-4000 | The Transport Layer Security (TLS) protocol contains a flaw that is triggered | when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher. | This may allow a man-in-the-middle attacker to downgrade the security of a TLS | session to 512-bit export-grade cryptography, which is significantly weaker, | allowing the attacker to more easily break the encryption and monitor or tamper | with the encrypted stream. | Disclosure date: 2015-5-19 | Check results: | EXPORT-GRADE DH GROUP 1 | Ciphersuite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | Modulus Type: Non-safe prime | Modulus Source: sun.security.provider/512-bit DSA group with 160-bit prime order subgroup | Modulus Length: 512 bits | Generator Length: 512 bits | Public Key Length: 512 bits | References: | https://weakdh.org | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000 | https://www.securityfocus.com/bid/74733 | | Diffie-Hellman Key Exchange Insufficient Diffie-Hellman Group Strength | State: VULNERABLE | Transport Layer Security (TLS) services that use Diffie-Hellman groups of | insuffficient strength, especially those using one of a few commonly shared | groups, may be susceptible to passive eavesdropping attacks. | Check results: | WEAK DH GROUP 1 | Ciphersuite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | Modulus Type: Safe prime | Modulus Source: Unknown/Custom-generated | Modulus Length: 512 bits | Generator Length: 8 bits | Public Key Length: 512 bits | References: | https://weakdh.org | | Diffie-Hellman Key Exchange Potentially Unsafe Group Parameters | State: VULNERABLE | This TLS service appears to be using a modulus that is not a safe prime and does | not correspond to any well-known DSA group for Diffie-Hellman key exchange. | These parameters MAY be secure if: | - They were generated according to the procedure described in FIPS 186-4 for | DSA Domain Parameter Generation, or | - The generator g generates a subgroup of large prime order | Additional testing may be required to verify the security of these parameters. | Check results: | NON-SAFE DH GROUP 1 | Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | Modulus Type: Non-safe prime | Modulus Source: Unknown/Custom-generated | Modulus Length: 1024 bits | Generator Length: 1024 bits | Public Key Length: 1024 bits | References: |_ https://weakdh.org
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html