PT-2016-3343
Published: 2016-08-31 · Updated: 2026-03-10 · CVE-2016-2183
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenSSL (affected versions not specified)
TLS, SSH, and IPSec protocols (affected versions not specified)
Integrated Lights-Out 4 (iLO 4) (affected versions not specified)
Description
The DES and Triple DES ciphers have a birthday bound of approximately four billion blocks, making it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session. This issue is also known as a "Sweet32" attack. To exploit this vulnerability, both the OpenSSL server and client have to use 3DES to encrypt data over SSL, and only after 32GB have been transferred can the attacker begin to decrypt data.
Recommendations
For OpenSSL, consider disabling the 3DES cipher for encrypting data over SSL until a patch is available.
For TLS, SSH, and IPSec protocols, restrict the use of DES and Triple DES ciphers to minimize the risk of exploitation.
For Integrated Lights-Out 4 (iLO 4), consider applying security updates or patches to address the potential impact of the SWEET32 attack.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
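An added example (not part of the original advisory) for auditing against the recommendations above: it flags DES/Triple DES suites in a cipher list by OpenSSL-style or IANA-style name, and uses the standard birthday approximation to show why roughly 32 GB under one key is the threshold for a 64-bit block. The function names and the sample suite list are constructed for illustration.

```python
import math
import re
import ssl

# Name tokens that identify DES / Triple DES (64-bit block) suites in both
# OpenSSL-style ("DES-CBC3-SHA") and IANA-style ("TLS_RSA_WITH_3DES_EDE_CBC_SHA") names.
DES_TOKENS = {"DES", "3DES", "DES40"}
BLOCK_BITS = 64  # DES and Triple DES block size


def uses_64bit_des(suite_name):
    """True if the cipher-suite name denotes DES or Triple DES."""
    tokens = re.split(r"[-_]", suite_name.upper())
    return any(tok in DES_TOKENS for tok in tokens)


def flag_suites(suite_names):
    """Return the DES/3DES suites from an iterable of names, preserving order."""
    return [name for name in suite_names if uses_64bit_des(name)]


def local_des_suites(ctx=None):
    """DES/3DES suites enabled in a Python ssl context on this host."""
    ctx = ctx or ssl.create_default_context()
    return flag_suites(c["name"] for c in ctx.get_ciphers())


def collision_probability(bytes_under_one_key, block_bits=BLOCK_BITS):
    """Birthday approximation: chance of at least one repeated ciphertext block."""
    n = bytes_under_one_key // (block_bits // 8)
    return 1.0 - math.exp(-n * (n - 1) / 2.0 ** (block_bits + 1))


# Constructed sample: a server cipher list as it might appear in a config export.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "ECDHE-RSA-DES-CBC3-SHA",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    print("flagged:", flag_suites(SAMPLE_SUITES))
    print("enabled locally:", local_des_suites())
    for gib in (1, 32, 256):
        p = collision_probability(gib * 2**30)
        print(f"{gib:>4} GiB under one key -> P(collision) ~ {p:.4f}")
```

An empty result from `local_des_suites()` only describes the Python/OpenSSL build it runs on; servers and appliances need their own configured cipher lists passed to `flag_suites()`.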
Exploit
DoS
Memory Corruption
Information Disclosure
Affected Products
Alt Linux
Centos
Cisco Asa
Cisco Ios Xe
Cisco Ios Xr
Cisco Nexus
Cisco Wls
Fortios
Hpe Ilo
Huawei Vrp
Ibm Aix
Ipsec
Java Platform
Junos
Openssl
Red Hat
Ssh
Suse
Tls
Ubuntu
Ilo 4