Sweet32 Attack - IIS

Overview

Sweet32 is a birthday attack on TLS cipher suites built on 64-bit block ciphers. DES and triple-DES (3DES) only have a 64-bit block size, so once roughly 2^32 blocks (tens to hundreds of gigabytes in practice) have been encrypted in CBC mode under the same key, a collision between two ciphertext blocks becomes likely. An attacker who can run JavaScript in the victim's browser keeps one long-lived TLS connection busy with requests that all carry the session cookie; when a collision occurs it leaks the XOR of two plaintext blocks, which is enough to recover the cookie. OpenSSL has accordingly downgraded triple-DES to a weak cipher, much as it did earlier with RC4. RC4 is a stream cipher and is not affected by Sweet32 itself, but it is also broken and is disabled in the same place, so the steps below remove both.

Mitigation

To mitigate, apply whichever of these steps applies to the server:

  • Disable every triple-DES (and single DES) cipher suite on servers that still offer it, and leave AES-based suites as the only options.
  • Upgrade or replace old servers and clients whose only cipher suites are DES, 3DES or RC4, since they cannot negotiate anything stronger.

Note that on Windows the cipher settings are read by Schannel for the whole machine, not only by IIS: the server's own outbound TLS connections lose the ciphers too, and very old clients that support nothing but 3DES or RC4 will no longer be able to connect. Check the access logs for such clients before making the change.

Solution

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  3. Expand the SCHANNEL\Ciphers subkey, which controls individual ciphers such as DES, RC4 and Triple DES. Schannel expects the exact subkey names RC4 128/128, RC4 64/128, RC4 56/128, RC4 40/128, DES 56/56 and Triple DES 168. If a subkey is missing, right-click Ciphers, select New > Key and type the name exactly (the slash is part of the name).
  4. Under each RC4 subkey, right-click in the empty right-hand pane, select New > DWORD (32-bit) Value, enter Enabled as the name and hit Enter.
  5. Ensure that it shows 0x00000000 (0) under the Data column (it should by default, since a new DWORD is created as 0). If it doesn't, right-click it, select Modify and enter 0 as the Value data.
  6. To disable Triple DES, select the Ciphers\Triple DES 168 subkey (create it if absent) and add the same Enabled DWORD (32-bit) value directly under it. Do not put the value in a nested Server subkey: Schannel reads the Enabled value from the cipher key itself and ignores a value placed one level down.
  7. Ensure that it shows 0x00000000 (0) under the Data column. If it doesn't, right-click, select Modify and enter 0 as the Value data.
  8. Reboot the Windows server. Schannel reads these keys only at boot, so the change takes effect after the restart.
  9. Verify from another machine that the ciphers are gone, for example with nmap --script ssl-enum-ciphers -p 443 <host>, which should list no 3DES or RC4 suites, or with openssl s_client -connect <host>:443 -cipher 'DES-CBC3-SHA', which should now fail with a handshake failure.
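The same change as a script, added here as an example (it is not from the original page). It writes the registry values the regedit steps above create, then reads every key back so a mistyped cipher name cannot go unnoticed. It assumes an elevated (Administrator) PowerShell session on the IIS host; the function names Disable-SchannelCipher and Get-SchannelCipherState are this example's own.

```powershell
# Added example, not from the original page: disable DES, Triple DES and RC4 in
# Schannel by writing the same registry values the regedit steps above create.
# Assumes an elevated (Administrator) PowerShell session on the IIS host.

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

# Subkey names exactly as Schannel expects them. The '/' is part of the name.
$weakCiphers = @(
    'Triple DES 168',
    'DES 56/56',
    'RC4 128/128',
    'RC4 64/128',
    'RC4 56/128',
    'RC4 40/128'
)

function Disable-SchannelCipher {
    param([Parameter(Mandatory)][string]$Name)

    # Use the .NET registry API instead of New-Item/Set-ItemProperty: the PowerShell
    # registry provider treats '/' as a path separator, so New-Item 'RC4 128/128'
    # would create a key named '128' under a key named 'RC4 128', which Schannel
    # would never look at. The Win32 registry API only treats '\' as a separator.
    $ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
    try {
        $key = $ciphers.CreateSubKey($Name)
        try {
            # Enabled = 0 disables the cipher; Enabled = 0xffffffff enables it.
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        } finally { $key.Close() }
    } finally { $ciphers.Close() }
}

function Get-SchannelCipherState {
    param([Parameter(Mandatory)][string]$Name)

    # Returns 'disabled', 'enabled' or 'default'. 'default' means no key or no
    # Enabled value exists, so Schannel uses the operating system default.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$ciphersPath\$Name")
    if ($null -eq $key) { return 'default' }
    try {
        $v = $key.GetValue('Enabled')
        if ($null -eq $v) { return 'default' }
        if ($v -eq 0)     { return 'disabled' }
        return 'enabled'
    } finally { $key.Close() }
}

foreach ($c in $weakCiphers) { Disable-SchannelCipher -Name $c }

# Read every key back: a typo in a name silently leaves that cipher enabled.
foreach ($c in $weakCiphers) {
    '{0,-16} {1}' -f $c, (Get-SchannelCipherState -Name $c)
}

Write-Output 'Schannel reads these keys at boot; run Restart-Computer to apply.'
```

The readback loop should print disabled next to every name before the reboot. The Enabled value is written straight under each cipher key, matching where Schannel looks, rather than under a Server subkey. The script uses the .NET RegistryKey methods rather than the registry provider cmdlets only because of the slash in the RC4 key names; for Triple DES 168 alone, New-Item and Set-ItemProperty would work as well.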