CVE-2002-20001

Name of the Vulnerable Software and Affected Versions Diffie-Hellman Key Agreement Protocol (affected versions not specified)

Description The Diffie-Hellman Key Agreement Protocol allows remote attackers to send arbitrary numbers that are not public keys, triggering expensive server-side DHE modular-exponentiation calculations, also known as a D(HE)at or D(HE)ater attack. This attack can be more disruptive when a client requires a server to select its largest supported key size. The client needs minimal CPU resources and network bandwidth to perform the attack. The basic attack scenario involves the client claiming it can only communicate with DHE, and the server must be configured to allow DHE.

Recommendations As a temporary workaround, consider disabling the Diffie-Hellman (DHE) key exchange until a patch is available. Restrict access to DHE key exchange to minimize the risk of exploitation. Avoid using DHE key exchange in cases where a client can require a server to select its largest supported key size until the issue is resolved.