Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater)
Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)
with the CVEs:
CVE-2002-20001 and CVE-2022-40735
are given a 30% QoD value. Why is that?
I understand why the 30% value is given for software versions where it is possible that a backport patch exists that is not visible remotely. However, the kex algorithms and ciphers do not face the same problem. The detection of the ciphers is given a 98% QoD, so why is the vulnerability regarding the same ciphers given a 30% QoD? What is not reliable about the detection of the vulnerability in this case?
This is due to the following available mitigations mentioned in the "solution" tag of the VTs in question:
Limit the maximum number of concurrent connections in e.g. the configuration of the remote server. For OpenSSH this limit can be configured via the "MaxStartups" option, for other products please refer to the manual of the product in question on configuration possibilities.
and
Limit the maximum number of concurrent connections in e.g. the configuration of the remote server. For Postfix this limit can be configured via the "smtpd_client_new_tls_session_rate_limit" option, for other products please refer to the manual of the product in question on configuration possibilities.
To the best of my knowledge it is actually not enough to have the affected ciphers enabled to be vulnerable, and mitigations are available as mentioned above. Because of this the VTs in question have a lower Quality of Detection, as they are not "actively" checking for the DoS situation.
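The reply above explains that the VT only sees the precondition (a DHE key exchange being offered) and cannot see whether the connection rate limits named in the solution text are in place. The script below is an added example, not code from this thread, from Greenbone, OpenSSH or Postfix: it reads the effective server configuration as printed by `sshd -T` and `postconf` and reports both sides of that gap locally, i.e. whether a finite-field Diffie-Hellman method is in the effective KexAlgorithms list, what MaxStartups is set to, and whether Postfix's `smtpd_client_new_tls_session_rate_limit` is non-zero (Postfix's default of 0 means no limit). The sample configuration text embedded in it is constructed, not captured from a real host; running `sshd -T` on a real host needs root and a readable host key.

```shell
#!/bin/sh
# Added example, not code from the forum thread or from Greenbone/OpenSSH/Postfix.
# It inspects the *effective* configuration text produced by `sshd -T` and
# `postconf` and reports what the D(HE)ater VT can and cannot see remotely:
# whether a DHE key exchange is offered, and whether the connection rate
# limits named in the VT's solution text are actually configured.
#
# The samples at the bottom are constructed. On a real host pipe live output in:
#   sshd -T | sshd_offers_dhe_kex && sshd -T | sshd_maxstartups
#   postconf smtpd_client_new_tls_session_rate_limit | postfix_tls_session_rate_limited

# Print the effective MaxStartups triple (start:rate:full), e.g. 10:30:100.
sshd_maxstartups() {
  awk 'tolower($1) == "maxstartups" { print $2 }'
}

# Exit 0 when the "full" component of MaxStartups is at or below $1,
# i.e. unauthenticated connections are capped at that number.
sshd_maxstartups_full_at_most() {
  full=$(sshd_maxstartups | awk -F: '{ print $NF }')
  [ -n "$full" ] && [ "$full" -le "$1" ]
}

# Exit 0 when the effective KexAlgorithms list contains a finite-field
# Diffie-Hellman method ("diffie-hellman-group*"), the precondition the
# VT detects with a high QoD.
sshd_offers_dhe_kex() {
  awk 'tolower($1) == "kexalgorithms" { print $2 }' \
    | tr ',' '\n' | grep -q '^diffie-hellman-group'
}

# Print the numeric value from `postconf smtpd_client_new_tls_session_rate_limit`.
postfix_tls_session_rate_limit() {
  awk -F= '/^smtpd_client_new_tls_session_rate_limit/ { gsub(/ /, "", $2); print $2 }'
}

# Exit 0 when a non-zero per-client TLS session rate limit is set
# (Postfix's default 0 means unlimited, so the mitigation is absent).
postfix_tls_session_rate_limited() {
  v=$(postfix_tls_session_rate_limit)
  [ -n "$v" ] && [ "$v" -gt 0 ]
}

# Constructed samples (not captured from a real host).
SAMPLE_SSHD_T='port 22
addressfamily any
maxstartups 10:30:100
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256'

SAMPLE_POSTCONF_UNLIMITED='smtpd_client_new_tls_session_rate_limit = 0'
SAMPLE_POSTCONF_LIMITED='smtpd_client_new_tls_session_rate_limit = 100'

# Stand-alone demonstration on the constructed samples.
if printf '%s\n' "$SAMPLE_SSHD_T" | sshd_offers_dhe_kex; then
  echo "sshd: DHE key exchange offered (what the VT sees remotely)"
else
  echo "sshd: no DHE key exchange offered"
fi
echo "sshd: MaxStartups = $(printf '%s\n' "$SAMPLE_SSHD_T" | sshd_maxstartups)"
if printf '%s\n' "$SAMPLE_POSTCONF_UNLIMITED" | postfix_tls_session_rate_limited; then
  echo "postfix: TLS session rate limit set"
else
  echo "postfix: no TLS session rate limit (mitigation absent)"
fi
```

The `sshd -T` output is the merged result of every Match block and default, so it answers the question the scanner cannot: a DHE method may be offered and yet the host may already be rate-limited by MaxStartups. Compare the values the functions print against what the VT reports before deciding whether to override its result.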