Security advisories, knowledge base and other articles about the D(HE)at attack and related issues.
October 2, 2024
News.de
IT security: UNIX and Windows at risk - Update to IT security advisory on Diffie-Hellman implementations (risk: medium)
As the BSI currently reports, the IT security warning regarding a known vulnerability in Diffie-Hellman implementations has received an update. Find out here how affected users should respond.
read more
October 1, 2024
SUSE Update Advisories
Security update for openssl-3
CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
read more
September 9, 2024
Szilárd Pfeiffer
How Diffie-Hellman Key Exchange can Cause Availability Issues
The Diffie-Hellman key exchange is a cryptographic protocol that allows parties to establish a shared secret over an insecure channel. The security of this key exchange is based on the difficulty of the Discrete Logarithm Problem (DLP) in a given group, such as the multiplicative group of integers modulo a prime number p.
read more
August 26, 2024
Red Hat Customer Portal
CVE-2024-41996
A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server’s public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.
read more
August 26, 2024
SUSE CVE Database
CVE-2024-41996
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
read more
August 26, 2024
Security | Ubuntu
CVE-2024-41996
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
read more
August 26, 2024
Cyber Security News
D(HE)at Attack – 20-Yr-old Flaw Let Attackers Exploit Diffie-Hellman Protocol To Over-Heat Your CPU
Researchers uncovered a new type of denial-of-service (DoS) attack, known as the D(HE)at attack, which exploits the computational demands of the Diffie-Hellman key agreement protocol, particularly its ephemeral variant (DHE), to overwhelm servers with minimal effort from the attacker.
read more
June 27, 2024
Ubuntu
USN-6854-1: OpenSSL vulnerability
OpenSSL could be made to consume resources and cause long delays if it processed certain input.
read more
April 23, 2024
Positron Security
An Analysis of the DHEat DoS Against SSH in Cloud Environments
The DHEat denial-of-service vulnerability involves sending a large number of Diffie-Hellman (DH) public keys to a peer, causing it to perform many unnecessary modular exponentiations and wasting CPU resources (in fact, the attacker can simply send random numbers instead of real DH keys to avoid incurring the computational penalty themselves).
read more
April 22, 2024
ssh-audit
v3.2.0 Release
Added implementation of the DHEat denial-of-service attack (see --dheat option; CVE-2002-20001).
read more
January 11, 2024
CryptoLyzer
0.12.2 Changelog
Checker for well-known SSH vulnerabilities: Sweet32 attack, Anonymous Diffie-Hellman, NULL encryption, RC4, Non-Forward-Secret, Early SSH version, Weak Diffie-Hellman, DHEat attack, Terrapin attack
read more
December 25, 2023
IEEE Access
D(HE)at: A Practical Denial-of-Service Attack on the Finite Field Diffie–Hellman Key Exchange
S. Pfeiffer and N. Tihanyi, “D(HE)at: A Practical Denial-of-Service Attack on the Finite Field Diffie–Hellman Key Exchange,” in IEEE Access, vol. 12, pp. 957-980, 2024, doi: 10.1109/ACCESS.2023.3347422.
read more
December 5, 2023
Extreme Networks
SA-2023-059 - DHEat attack (CVE-2002-20001)
The Diffie-Hellman Key Agreement Protocol enables remote attackers to send arbitrary numbers without public keys, triggering costly server-side DHE modular-exponentiation calculations. This attack requires minimal CPU resources and bandwidth, and may be more disruptive in cases where clients require server selection of largest supported key size.
read more
September 15, 2023
Ciphersuite Info
Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)
The so-called DHEat Attack affects cryptographic protocols using the Diffie Hellman key exchange (incl. TLS). According to its authors, it exploits a protocol particularity that may allow attackers to perform a DoS attack “with a low-bandwidth network connection without authentication, privilege, or user interaction.”
read more
January 22, 2023
CryptoLyzer
0.8.4 Changelog
Checker for well-known TLS vulnerabilities: Anonymous Diffie-Hellman, DHEat attack, DROWN attack, Early TLS version, Export grade ciphers, FREAK attack, Logjam attack, Lucky Thirteen attack, NULL encryption, Non-Forward-Secret, RC4, Sweet32 attack
read more
December 8, 2022
WolfSSL
DHE Vulnerability of CVE 2022-40735
Customers have asked about CVE 2022-40735 and whether they are vulnerable as users of wolfSSL. The short answer is: No. But, there are ways that you can put yourself at risk. Let’s delve into the CVE and how best to protect yourself from attacks like this.
read more
November 14, 2022
Ubuntu
CVE-2022-40735
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that “(appropriately) short exponents” can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys.
read more
November 14, 2022
NIST
NVD - CVE-2022-40735
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that “(appropriately) short exponents” can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys.
read more
November 8, 2022
Siemens
SSA-506569: Multiple Vulnerabilities in SCALANCE W1750D
The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to denial of service, unauthenticated remote code execution or stored XSS.
Siemens has released updates for the affected products and recommends updating to the latest versions.
read more
October 12, 2022
OpenSSL
Configuring Supported TLS Groups in OpenSSL
The configuration of supported groups in TLS servers is important to limit the resource consumption of the TLS handshakes performed by the server. This blog post should give system administrators a few useful hints on how to configure the OpenSSL library and two of the most used open source HTTP servers which use the OpenSSL library for supporting the HTTPS protocol.
The CVE-2002-20001 (a.k.a DHEat attack) vulnerability inherent to the support of the Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH) key exchanges in TLS and other protocols provides a way for an attacker to cause high CPU usage on servers with relatively low effort on the client side.
read more
August 12, 2022
Microfocus
Diffie-Hellman Key Agreement Protocol vulnerability for Reflection for Secure IT for UNIX
Mitigation for the vulnerability referenced in CVE-2002-20001
read more
May 19, 2022
F5 Networks
K83120834: Diffie-Hellman key agreement protocol weaknesses CVE-2002-20001 & CVE-2022-40735
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
read more
May 19, 2022
SUSE
Security Vulnerability: DHEater aka CVE-2002-20001
Security researchers from Balasys have published a new attack on Diffie-Hellman key exchange which allows remote attackers to attack network facing SSL / TLS / HTTPS / SSH services leading to excessive compute time usage even by sending small amounts of network traffic even before authentication.
All applications on SUSE Linux Enterprise are affected that have DHE enabled. The Diffie-Hellman Ephemeral key exchange is usually configured by default to provide perfect forward secrecy.
read more
February 22, 2022
Aruba
AOS-CX Switches Multiple Vulnerabilities
Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
read more
November 11, 2021
NIST
NVD - CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
read more