BSA-2016-134
21369
09 November 2018
31 August 2016
Closed
Low
7.5
N/A
CVE-2016-2183
Security Advisory ID : BSA-2016-134
Component : Crypto
Revision : 2.0: Final
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. More at https://sweet32.info/.
Affected Products
Brocade Fabric OS before FOS v7.4.0
Brocade Network Advisor before 14.3.1
Solution
- For Brocade Fabric OS
Brocade strongly recommends that Customers remove weak ciphers from the list of ciphers supported by default. Starting with Brocade Fabric OS v7.4, the secCryptoCfg CLI command provides options to configure various cryptographic algorithms to meet compliance requirements for the SSH and HTTPS protocols on a Brocade Fibre Channel switch.
The secCryptoCfg command is documented in the Brocade Fabric OS Administration Guide. If further assistance is required, Customers are advised to contact Brocade TAC or their support providers.
- For Brocade Network Advisor
Customers are advised to upgrade to supported versions.
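The following Python example is added here and is not part of Brocade's advisory or secCryptoCfg syntax: it flags 64-bit block ciphers in a TLS or SSH cipher list and computes the birthday bound described above. It generalizes from DES and Triple DES to other 64-bit block ciphers; the token set, function names and sample cipher strings are constructed assumptions.

```python
import math
import re

# Assumed token set: name fragments that mark a 64-bit block cipher in TLS and SSH cipher names.
BLOCK64_TOKENS = {"des", "3des", "idea", "blowfish", "cast128", "rc2"}


def is_64bit_block_cipher(name: str) -> bool:
    """True if a cipher or cipher-suite name contains a 64-bit block cipher token."""
    tokens = re.split(r"[-_@.]", name.lower())
    return any(tok in BLOCK64_TOKENS for tok in tokens)


def audit(cipher_list: str) -> list[str]:
    """Return the entries of a ':' or ',' separated cipher list exposed to Sweet32."""
    entries = [e.strip() for e in re.split(r"[:,]", cipher_list) if e.strip()]
    return [e for e in entries if is_64bit_block_cipher(e)]


def birthday_bound_bytes(block_bits: int) -> int:
    """Data encrypted under one key at the birthday bound of 2^(block_bits/2) blocks."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


def collision_probability(n_blocks: int, block_bits: int) -> float:
    """Approximate chance of at least one ciphertext block collision after n_blocks."""
    return -math.expm1(-n_blocks * (n_blocks - 1) / 2 ** (block_bits + 1))


# Constructed sample configurations (not taken from any real device).
SAMPLE_TLS = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA"
SAMPLE_SSH = "aes128-ctr,aes256-ctr,3des-cbc,blowfish-cbc,chacha20-poly1305@openssh.com"

if __name__ == "__main__":
    for label, ciphers in (("TLS", SAMPLE_TLS), ("SSH", SAMPLE_SSH)):
        print(label, "entries to remove:", audit(ciphers))
    gib = birthday_bound_bytes(64) / 2**30
    print(f"64-bit block birthday bound: {gib:.0f} GiB, "
          f"collision probability there: {collision_probability(2**32, 64):.2f}")
```

The 64-bit bound works out to 32 GiB under a single key, which is why long-duration sessions are the concern; a 128-bit block cipher moves the same bound to 2^68 bytes.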
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | August 31, 2016 |
2.0 | BNA update | Nov 30, 2017 |
3.0 | Updated to Fibre Channel Only | Nov 9, 2018 |