The output shows that the server offers LOW: 64 Bit + DES, RC(2,4) (w/o export) ciphers, which is not okay as they are considered weak. RC4 is a stream cipher that has known vulnerabilities and has been deprecated by the industry due to its security weaknesses. If the attacker can break RC4 encryption, they can potentially intercept and view the sensitive information transmitted between the client and the server. Therefore, an attack that breaks RC4 encryption is the most likely to succeed.
The output states:
LOW: 64 Bit + DES, RC(2,4) w/o export offered (NOT ok)
Triple DES Ciphers / IDEA offered
So both RC4 and 3DES (Triple DES) are offered. The Sweet32 attack can break 3DES so option A is also correct, however, RC4 is faster to break as it's much weaker than 3DES. The question asks "Which is most likely to succeed?". My answer is both A and B are equally likely to succeed, but in terms of which attack is more efficient, I'll go with RC4.
A birthday attack on 64-bit ciphers (Sweet32). The output shows that obsolete 64-bit block ciphers (DES, RC2, IDEA) are offered, which makes the server vulnerable to the Sweet32 attack.
The output shows that RC4 is not offered by the server.
A. A birthday attack on 64-bit ciphers (Sweet32)
Explanation:
The scan results indicate that the service supports TLS1.0, which is deprecated, and offers “Low” ciphers, including 64-bit DES and RC2 ciphers. The presence of these 64-bit block ciphers makes the system vulnerable to the Sweet32 attack.
Sweet32 (Birthday Attack on 64-bit Ciphers):
• Sweet32 is a practical attack against the use of 64-bit block ciphers in TLS and SSL. The attack exploits the birthday paradox to find a collision in the cipher’s 64-bit block size, allowing an attacker to decrypt sensitive data. The scan shows that “LOW: 64 Bit + DES, RC[2,4] (w/o export) offered (NOT ok),” indicating that these vulnerable ciphers are indeed supported.
The SSL/TLS connection must use one of the block encryption ciphers that use CBC modes, such as DES or AES. Channels that use stream ciphers such as RC4 are not subject to the flaw. A large proportion of SSL/TLS connections use RC4.
The CBC vulnerability is a vulnerability with TLS v1. This vulnerability has been in existence since early 2004 and was resolved in later versions of TLS v1.1 and TLS v1.2.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118518-technote-esa-00.html#:~:text=The%20SSL%2FTLS%20connection%20must%20use%20one%20of%20the,A%20large%20proportion%20of%20SSL%2FTLS%20connections%20use%20RC4.
Heartbleed is a vulnerability in OpenSSL, which is a cryptographic library used to encrypt web traffic. It was discovered in April 2014 and affects versions of OpenSSL prior to 1.0.1g. It allows attackers to gain access to potentially sensitive information, including passwords, cookies, keys, and other data, stored on web servers. To protect against this attack, it is recommended to update to the latest version of OpenSSL and use strong encryption methods. It is also recommended to perform regular security scans and use end-to-end encryption when possible.
I was almost thinking it could also be A, as Trip-DES would be susceptible. However, RC4 is the better option here as it is weaker.
upvoted 4 times
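As an added example (not part of any comment above, and not the scanner's own code), the Python below sorts a per-suite cipher list into the families this thread argues over: 64-bit block ciphers, which are the Sweet32 precondition, and RC4. The function names are hypothetical and the suite names in `SAMPLE` are a constructed list, not the scan from the question.

```python
import re

# Cipher families with a 64-bit block size (the Sweet32 precondition).
BLOCK64_TOKENS = {"DES", "3DES", "IDEA", "RC2"}

def classify(suite):
    """Return 'block64', 'rc4' or 'other' for an OpenSSL- or IANA-style name."""
    tokens = set(re.split(r"[-_]", suite.upper()))
    if tokens & BLOCK64_TOKENS:      # DES-CBC3-SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA
        return "block64"
    if "RC4" in tokens:              # RC4-SHA, TLS_RSA_WITH_RC4_128_SHA
        return "rc4"
    return "other"

def birthday_bound_gib(block_bits=64):
    """Traffic under one key after which block collisions become likely:
    about 2^(n/2) blocks of n/8 bytes each, expressed in GiB."""
    return 2 ** (block_bits // 2) * (block_bits // 8) / 2 ** 30

def triage(offered):
    """Group offered suites and list what a defender should disable."""
    groups = {"block64": [], "rc4": [], "other": []}
    for suite in offered:
        groups[classify(suite)].append(suite)
    findings = []
    if groups["block64"]:
        findings.append("64-bit block ciphers offered (Sweet32 applies); collisions "
                        "expected near %.0f GiB per key" % birthday_bound_gib())
    if groups["rc4"]:
        findings.append("RC4 offered (deprecated stream cipher)")
    return {"groups": groups, "findings": findings,
            "disable": groups["block64"] + groups["rc4"]}

# Constructed sample: a server offering 3DES, IDEA and single DES but no RC4.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "IDEA-CBC-SHA",
    "EDH-RSA-DES-CBC-SHA",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for line in report["findings"]:
        print("[!]", line)
    print("disable:", ", ".join(report["disable"]))
```

Feeding it the individual suite names from a scan, rather than a category summary line, shows which of the two families is actually present on the server.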
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other