1. Support Center
  2. SSL / TLS Vulnerabilities
  3. Specific certificate vulnerabilities

SWEET32: What Is It and How to Fix It?

The Sweet32 attack is a cybersecurity vulnerability that exploits block cipher collisions. Attackers can use 64-bit block ciphers to compromise HTTPS connections. 

Security Assessment

Security_Assessment_ PreventSSLSWEET32

CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

The Sweet32 attack is based on a security weakness in the block ciphers used in cryptographic protocols. It’s similar to the RC4 attacks in terms of computational complexity. 

At the same time, block ciphers are used on many occasions. OpenVPN has as the default cipher Blowfish. Almost all HTTPS web servers support the Triple-DES algorithm. 

Best Way to Prevent From SWEET32 Attacks

To prevent SWEET32 attacks, you need to ensure your systems use only strong ciphers with large block sizes. A modern block cipher would rely on a higher number of blocks. 

You can refer to Secure TLS Configuration for more information on configuring suitable cipher suites and minimizing the chance for block cipher collisions.

Want to verify the level of security of your web app or API? You can use Crashtest Security’s SSL Vulnerability Scanner to discover vulnerabilities right away.

For more information about Crashtest Security, visit crashtest-security.com.