What Is the DHEAT Vulnerability?
By Thomas Chustz, Information Security Analyst, TraceSecurity
Malicious actors have exploited the DHE cipher to take down servers. The D(HE)at attack abuses the Diffie-Hellman key exchange protocol to DDoS the server it is run against, and the client performing the attack does not need many resources to do so.
It is a very low-cost attack that requires little CPU on the attacker's side, which bad actors can use to disrupt business operations. The attack has a high impact on the availability of a server and has a CVSS score of 7.5. Luckily, there are numerous changes one can make to protect oneself from it.
What Is the D(HE)ater Attack?
The D(HE)ater attack (CVE-2002-20001) sends arbitrary numbers resembling public keys to trick the server into performing expensive DHE modular-exponentiation calculations, using up all of the server's resources. Any network service using the DHE cipher can be affected. The server, trying to keep up with these calculations, falls victim to the DDoS attack. DDoS stands for Distributed Denial-of-Service.
In these types of attacks, the server is flooded with traffic so that users cannot connect to it. In this particular attack, the client claims that it can only communicate with the server using DHE; once that negotiation is made, it floods the server until legitimate users can no longer connect.
Prevention
Ephemeral Diffie-Hellman (DHE) was a commonly used key exchange protocol that allowed two parties to establish a shared key securely. Now, this protocol can be detrimental to a server's availability and give malicious actors an avenue of attack that requires little to no resources.
The good news is that there are multiple ways to avoid this attack. Prevention methods include switching from the DHE cipher to the elliptic-curve variant of Diffie-Hellman (ECDHE). Load balancers may help, but they can be costly and will most likely fail if malicious actors devote a decent number of resources to the attack. Rate limiting connections per client can help mitigate this vulnerability, and simply disabling the DHE cipher itself is effective.
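As an added example (not from the original article or from TraceSecurity), the following Python script checks whether a server will still complete a TLS 1.2 handshake with a client that offers only finite-field DHE cipher suites, which is the condition the attack relies on. It uses only the standard library. The host and port are whatever you pass on the command line; localhost:443 is a placeholder default, and the cipher-name classifier follows OpenSSL's naming conventions (DHE-/EDH-/ADH- prefixes), which is an assumption about the OpenSSL build behind your Python.

```python
import socket
import ssl
import sys
from typing import Optional, Tuple


def uses_finite_field_dhe(cipher_name: str) -> bool:
    """True when an OpenSSL cipher-suite name negotiates classic (finite-field)
    ephemeral Diffie-Hellman, the exchange that D(HE)at abuses.

    ECDHE suites are the elliptic-curve variant and are not affected, so they
    return False. Assumes OpenSSL naming: "DHE-" (modern), "EDH-" (legacy
    spelling) and "ADH-" (anonymous ephemeral DH) all mean finite-field DHE.
    """
    name = cipher_name.upper()
    if "ECDHE" in name or "ECDH" in name:
        return False
    return name.startswith(("DHE-", "EDH-", "ADH-"))


def build_dhe_only_context() -> ssl.SSLContext:
    """Client context that offers *only* finite-field DHE suites over TLS 1.2.

    If a server completes a handshake with this context, it still performs a
    DHE modular exponentiation for any client that asks for it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.3 selects DH groups through supported_groups rather than the
    # cipher list, so this probe deliberately covers TLS 1.2 only.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # "DHE" is OpenSSL's alias for ephemeral-DH suites; drop anonymous and
    # null-encryption variants so the probe reflects real-world suites.
    ctx.set_ciphers("DHE:!aNULL:!eNULL")
    # We only care whether the handshake completes, not whether the
    # certificate is trusted, so verification is off for this scanner.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe_dhe(host: str, port: int = 443, timeout: float = 5.0) -> Tuple[str, str]:
    """Return (status, detail) where status is one of:
    "dhe_accepted"  - server negotiated a DHE suite with a DHE-only client
    "dhe_refused"   - server rejected the handshake (no shared cipher)
    "unreachable"   - TCP connection could not be established
    """
    ctx = build_dhe_only_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                negotiated: Optional[Tuple[str, str, int]] = tls.cipher()
                if negotiated is None:
                    return ("dhe_refused", "no cipher reported")
                name, proto, _bits = negotiated
                if not uses_finite_field_dhe(name):
                    # Should not happen with a DHE-only cipher list, but
                    # report it rather than misclassify the server.
                    return ("dhe_refused", f"unexpected suite {name}")
                return ("dhe_accepted", f"{name} over {proto}")
        except ssl.SSLError as exc:
            # Typical refusal is a TLS "handshake failure" alert.
            return ("dhe_refused", exc.reason or str(exc))
        except OSError as exc:
            return ("dhe_refused", str(exc))


if __name__ == "__main__":
    # Usage: python dhe_probe.py host[:port] [host[:port] ...]
    targets = sys.argv[1:] or ["localhost:443"]  # placeholder default
    for target in targets:
        host, _, port = target.partition(":")
        status, detail = probe_dhe(host, int(port or 443))
        print(f"{target}: {status} ({detail})")
```

A "dhe_accepted" result means the server will do the expensive modular exponentiation for any client that insists on DHE; the fix on the server side is the one the article lists: remove DHE from the server's cipher list (for OpenSSL-based servers such as nginx's ssl_ciphers, appending !DHE to the cipher string) and rely on ECDHE instead. Because this probe stops at TLS 1.2, a server that only offers finite-field groups under TLS 1.3 must be checked separately.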
However, the first step to remediating devices affected by the D(HE)at attack is to detect the vulnerability in your environment. TraceSecurity offers vulnerability assessments and penetration tests that can detect this vulnerability in your environment so you have the opportunity to remediate it before a bad actor exploits it. It is better to be proactive than reactive.
While this vulnerability can be mitigated, one of the first steps to remediation is knowing that it exists within your environment. Also, keep in mind that the DHE cipher has been around for decades; only in the last few years has it been exploited on this scale.
Utilizing TraceSecurity's vulnerability assessment and penetration test services can help you stay ahead of the game. You can not only discover whether the D(HE)at attack vulnerability is present in your environment, but also stay apprised of newly emerging threats in the ever-changing landscape of cybersecurity. Keep yourself protected from this threat and the threats to come.
Connect with TraceSecurity to learn more.