Weak SSL/TLS Key Exchange
lance.nettles
We recently had a vulnerability scan done and received a ton of notes on our Yealink IP Phones. We have models T21P, T21P_E2, T38G, T42G, T42S, T48G, T48S mostly on the latest firmwares. Here is the description, as well as a single phone note. Any help on this would be appreciated.

Weak SSL/TLS Key Exchange

THREAT:
QID Detection Logic:
For a SSL enabled port, the scanner probes and maintains a list of supported SSL/TLS versions. For each supported version, the scanner does a SSL handshake to get a list of KEX methods supported by the server. It reports all KEX methods that are considered weak. The criteria of a weak KEX method is as follows:
The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended. Key exchanges should provide at least 112 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges.
IMPACT:
An attacker with access to sufficient computational power might be able to recover the session key and decrypt session content.
SOLUTION:
Change the SSL/TLS server configuration to only allow strong key exchanges. Key exchanges should provide at least 112 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges.

T38G - Firmware 38.70.0.228
RESULTS:
PROTOCOL CIPHER NAME GROUP KEY-SIZE FORWARD-SECRET CLASSICAL-STRENGTH QUANTUM-STRENGTH
SSLv2 DES-CBC3-MD5 RSA 1024 no 80 low
SSLv2 EXP-RC4-MD5 RSA export-512 512 varies 57 low
SSLv3 AES256-SHA RSA 1024 no 80 low
SSLv3 EXP1024-RC4-SHA RSA export-1024 1024 varies 80 low
TLSv1 AES256-SHA RSA 1024 no 80 low
TLSv1 EXP1024-RC4-SHA RSA export-1024 1024 varies 80 low
12-06-2022 10:19 PM
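Added example, not part of the original post or the scanner's output: a Python triage helper that parses RESULTS rows like the ones in the post and lists, per protocol, the cipher suites whose key exchange falls below the 112-bit threshold the report cites. Treating the optional extra token (such as `export-512`) as the GROUP column is an assumption about the scanner's layout, and all function and class names are illustrative.

```python
from dataclasses import dataclass

MIN_BITS = 112  # minimum security level stated in the scanner's criteria

# Rows copied from the RESULTS block in the post (T38G, firmware 38.70.0.228).
SAMPLE = """\
SSLv2 DES-CBC3-MD5 RSA 1024 no 80 low
SSLv2 EXP-RC4-MD5 RSA export-512 512 varies 57 low
SSLv3 AES256-SHA RSA 1024 no 80 low
SSLv3 EXP1024-RC4-SHA RSA export-1024 1024 varies 80 low
TLSv1 AES256-SHA RSA 1024 no 80 low
TLSv1 EXP1024-RC4-SHA RSA export-1024 1024 varies 80 low
"""

@dataclass
class KexRow:
    protocol: str
    cipher: str
    kex: str
    group: str            # empty when the row carries no GROUP token (assumed layout)
    key_size: int
    forward_secret: str
    classical_bits: int
    quantum: str

def parse_row(line):
    """Parse one row; GROUP is optional, so index from both ends of the line."""
    f = line.split()
    if len(f) not in (7, 8):
        raise ValueError(f"unexpected field count: {line!r}")
    group = f[3] if len(f) == 8 else ""
    return KexRow(f[0], f[1], f[2], group, int(f[-4]), f[-3], int(f[-2]), f[-1])

def parse_results(text):
    """Parse a RESULTS block, skipping blank lines and the header row."""
    lines = (ln.strip() for ln in text.splitlines())
    return [parse_row(ln) for ln in lines if ln and not ln.startswith("PROTOCOL")]

def weak_by_protocol(rows, min_bits=MIN_BITS):
    """Map protocol -> [(cipher, classical_bits)] below min_bits, weakest first."""
    out = {}
    for r in rows:
        if r.classical_bits < min_bits:
            out.setdefault(r.protocol, []).append((r.cipher, r.classical_bits))
    return {p: sorted(v, key=lambda item: item[1]) for p, v in out.items()}

if __name__ == "__main__":
    for proto, items in weak_by_protocol(parse_results(SAMPLE)).items():
        print(proto, items)
```

Running the same functions over the RESULTS text of each phone in a scan export gives a per-model list of which protocol versions and suites still need to be disabled or re-keyed.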