BSA-2016-134

Brocade Security Advisory ID

BSA-2016-134

Initial Publication Date

08/31/2016

Last Updated

11/09/2018

Revision

2.0: Final

Risk Impact

Low

Workaround

N/A

Component

Crypto

Affected CVE

CVE-2016-2183

CVSS Score

7.5

Summary

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. More at https://sweet32.info/.

Affected Products

Brocade Fabric OS before FOS v7.4.0
Brocade Network Advisor before 14.3.1

Solution
  • For Brocade Fabric OS.

Brocade strongly recommends Customers remove weak ciphers from the list of supported ciphers by default. Starting Brocade Fabric OS v7.4 a CLI secCryptoCfg command provides options to configure various cryptographic algorithms to meet compliance requirements for the SSH and HTTPS protocols on a Brocade Fibre Channel switch. 

The  secCryptoCfg command is documented in the Brocade Fabric OS Administration Guide. If  further assistance is required, Customers are advised to contact Brocade TAC or their support providers.

  • For Brocade Network Advisor

Customers  are advised to upgrade to supported versions.

Revision History

Version

Change

Date

1.0

Initial Publication

August 31, 2016

2.0

BNA update

Nov 30, 2017

3.0

Updated to Fibre Channel Only

Nov 9, 2018

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.