Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32).
Sweet32 vulnerability is recorded as QID 38657 in the Qualys KnowledgeBase and it has a severity of 3.
Please refer to this QID in the KB for Threat and Impact descriptions.
It is not an easily exploited vulnerability, or even one seen to be rampant in the wild. The issue you may run into is that it is a weak and deprecated cipher so auditors will flag it, and if you have PCI requirements or other industry standard requirements it will be flagged.
Thank you for your response. Could you tell me what the steps are for remediating this? Is it something like upgrading the ciphers, or are there any configuration changes required?
Again from Qualys KB: Disable and stop using DES, 3DES, IDEA or RC2 ciphers.
Please refer to the vendor documentation for specific commands.
Hello Shyam! Thank you for the reply. We have disabled DES ciphers on the Windows servers, but the problem is RDP stopped working from the time we disabled the DES cipher. I am looking for a solution to this issue.
Srini, you should consult your OS Support to fix the RDP issue. You may also engage Qualys Support, but it sounds like an issue with the OS.
You need to configure RDP over SSL/TLS. Secure RDS (Remote Desktop Services) Connections with SSL
FYI: Best Practice for Configuration Management and Compliance is to disable all weak ciphers, internally and externally, especially if your enterprise leverages CIS benchmarks.
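The check behind the remediation advice in this thread (disable DES, 3DES, IDEA and RC2), as an added example that is not part of the original thread or of any Qualys tooling: it flags cipher-suite names that use one of those 64-bit block ciphers, in both IANA-style and OpenSSL-style naming. The function names and the sample list are constructed for illustration, and the matching covers only the four ciphers named in the thread.

```python
import re

# 64-bit block ciphers named in the remediation advice (DES, 3DES, IDEA, RC2).
# Keys are name tokens as they appear in IANA-style suite names
# (TLS_RSA_WITH_3DES_EDE_CBC_SHA) and OpenSSL-style names (DES-CBC3-SHA).
TOKEN_TO_CIPHER = {"3DES": "3DES", "CBC3": "3DES", "DES": "DES",
                   "IDEA": "IDEA", "RC2": "RC2"}
# Checked in this order so that DES-CBC3-SHA is reported as 3DES, not DES.
PRIORITY = ["3DES", "CBC3", "IDEA", "RC2", "DES"]


def block64_cipher(suite_name):
    """Return the 64-bit block cipher a suite uses, or None if it uses none."""
    # Match whole tokens, not substrings, to avoid accidental hits.
    tokens = set(re.split(r"[_\-\s]+", suite_name.strip().upper()))
    for token in PRIORITY:
        if token in tokens:
            return TOKEN_TO_CIPHER[token]
    return None


def split_suites(suites):
    """Split an ordered suite list into (kept, flagged); order is preserved."""
    kept, flagged = [], {}
    for name in suites:
        cipher = block64_cipher(name)
        if cipher is None:
            kept.append(name)
        else:
            flagged[name] = cipher
    return kept, flagged


# Constructed sample input: a mix of IANA-style and OpenSSL-style names.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DES-CBC3-SHA",
    "TLS_RSA_WITH_DES_CBC_SHA",
    "IDEA-CBC-SHA",
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
]

if __name__ == "__main__":
    kept, flagged = split_suites(SAMPLE_SUITES)
    for name, cipher in flagged.items():
        print(f"DISABLE {name}  ({cipher}, 64-bit block)")
    for name in kept:
        print(f"keep    {name}")
```

Feed it the suite list a server actually offers (from its configuration or a scan report) and compare the flagged names against what the vendor documentation says to disable.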