Prevent SSL SWEET32 attacks

The Sweet32 attack is a cybersecurity vulnerability that exploits block cipher collisions. Attackers can use 64-bit block ciphers to compromise HTTPS connections.

Security assessment

CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability information

The Sweet32 attack is based on a security weakness in the block ciphers used in cryptographic protocols. It is similar to the RC4 attacks in terms of computational complexity.

At the same time, block ciphers are used on many occasions. For example, OpenVPN has as the default cipher Blowfish. Almost all HTTPS web servers support the Triple-DES algorithm.

Prevent attacks

To prevent SWEET32 attacks, you need to ensure your systems use only strong ciphers with large block sizes. This is because aA modern block cipher would rely on a higher number of blocks.

See Secure TLS Configuration for more information on configuring suitable cipher suites and minimizing the chance for block cipher collisions.

Want to verify the level of security of your web app or API? You can use the DAST Essentials SSL Scanner to discover vulnerabilities immediately.