SSL 3.0 POODLE attack information disclosure vulnerability (CVE-2014-3566)
nmap -sV -p 443 --version-light --script ssl-poodle IP
Scan results, which I can't fully make sense of yet~~~
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-18 11:23 中国标准时间
Nmap scan report for ***.***.***.***(IP)
Host is up (0.0010s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/http Microsoft IIS httpd 7.5
| ssl-poodle:
| VULNERABLE:
| SSL POODLE information leak
| State: VULNERABLE
| IDs: CVE:CVE-2014-3566 OSVDB:113251
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
| products, uses nondeterministic CBC padding, which makes it easier
| for man-in-the-middle attackers to obtain cleartext data via a
| padding-oracle attack, aka the "POODLE" issue.
| Disclosure date: 2014-10-14
| Check results:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA
| References:
| https://www.imperialviolet.org/2014/10/14/poodle.html
| http://osvdb.org/113251
| https://www.openssl.org/~bodo/ssl-poodle.pdf
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.41 seconds
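Fix:
IIS Crypto is recommended; a graphical interface is, after all, more intuitive than editing the registry by hand.
Disable the SSL 3.0 protocol
Edit the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols
The following subkeys should exist under it:
SSL 2.0
SSL 3.0
TLS 1.1
TLS 1.2
Under each of them add two subkeys, Client and Server, and add two values to each subkey:
DisabledByDefault:0x00000000(1);
Enabled:0x00000000(1);
where 0 means false and 1 means true.
Disable the RC4 cipher
Edit the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers
The following subkeys should exist under it:
RC4 128/128
RC4 40/128
RC4 56/128
Under each of them add the value:
Enabled:0x00000000(1);
where 0 means false and 1 means true.
If you do not want to reboot for the registry changes to take effect, you can restart explorer.exe from Task Manager instead.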
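The registry changes described above can also be scripted. The following PowerShell is an added example, not part of the original post; it assumes an elevated session and a target state of SSL 2.0 and SSL 3.0 disabled with TLS 1.1 and TLS 1.2 enabled, and the helper name Set-SchannelDword is made up for illustration.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel'

function Set-SchannelDword {
    param([string]$SubKey, [string]$Name, [int]$Value)
    # CreateSubKey opens the key if it exists and creates it otherwise.
    # The .NET registry API is used on purpose: key names such as "RC4 128/128"
    # contain "/", which the PowerShell registry provider treats as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$schannel\$SubKey")
    try {
        $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

# Assumed target state: $false = protocol disabled, $true = protocol enabled.
$protocols = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.1' = $true
    'TLS 1.2' = $true
}

foreach ($proto in $protocols.Keys) {
    $on = $protocols[$proto]
    foreach ($role in 'Client', 'Server') {
        # Disabled protocol: Enabled = 0, DisabledByDefault = 1 (and the reverse when enabled).
        Set-SchannelDword "Protocols\$proto\$role" 'Enabled' ([int]$on)
        Set-SchannelDword "Protocols\$proto\$role" 'DisabledByDefault' ([int](-not $on))
    }
}

# Disable the three RC4 cipher entries listed on the page.
foreach ($cipher in 'RC4 128/128', 'RC4 40/128', 'RC4 56/128') {
    Set-SchannelDword "Ciphers\$cipher" 'Enabled' 0
}

# Read the Server-side values back so the result can be checked before restarting.
foreach ($proto in $protocols.Keys) {
    $k = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\Protocols\$proto\Server")
    '{0,-8} Server Enabled={1} DisabledByDefault={2}' -f $proto, $k.GetValue('Enabled'), $k.GetValue('DisabledByDefault')
    $k.Close()
}
```

Re-running the ssl-poodle scan from the top of the page against the server shows whether SSL 3.0 is still being offered.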
There is still so much to learn~~~