[HACKERS] PostgreSQL - Weak DH group

Nicolas Guini Wed, 05 Oct 2016 07:51:24 -0700

Hello everyone,

I sent few days ago to the security DL a mail reporting a vulnerability in
how Postgres is requesting DH params to be used later for encryption
algorithms. So, due to there is no problem sharing with this group, here is
what I sent:


------------------------------------------------------------------------------------------------------------------------------------------
 Hi folks,



                We are working with Postgres 9.3.14 and executing nmap we
found that it is using “weak DH group” (nmap –script ssl-dh-params). Weak =
1024 bits.

                See nmap output (1)



                We don’t know if other versions are affected or not. The
environment used is a RHEL 6 x86_6, OpenSSL version 1.0.2i with FIPS module.

    This issue is similar to what this post explains about using weak DH
parameters: http://www.usefuljs.net/2016/09/29/imperfect-forward-secrecy/



                Following with the code, it seems that PostgreSQL has
missed the keyLength OpenSSL parameter, and it delivers into a weak crypto
configuration.. Affected Code:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=
blob;f=src/backend/libpq/be-secure-openssl.c;h=
8d8f12952a4a4f14a15f8647b96935e13d68fb39;hb=48d50840d53eb62842c0d9b54eab9c
d7c9a3a46d



                (Thanks to Damian in order to found the affected code)




(1) nmap output:


# nmap –script ssl-dh-params -p 5432 <ip>


Starting Nmap 7.25BETA2 ( https://nmap.org )

Nmap scan report for <ip>

Host is up (0.00035s latency).

PORT     STATE SERVICE

5432/tcp open  postgresql

| ssl-dh-params:

|   VULNERABLE:

|   Diffie-Hellman Key Exchange Insufficient Group Strength

|     State: VULNERABLE

|       Transport Layer Security (TLS) services that use Diffie-Hellman
groups

|       of insufficient strength, especially those using one of a few
commonly

|       shared groups, may be susceptible to passive eavesdropping attacks.

|     Check results:

|       WEAK DH GROUP 1

|             Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

|             Modulus Type: Safe prime

|             Modulus Source: Unknown/Custom-generated

|             Modulus Length: 1024

|             Generator Length: 8

|             Public Key Length: 1024

|     References:

|_      https://weakdh.org



------------------------------------------------------------------------------------------------------------------------------------------




Thanks in advance

Nicolas Guini

[HACKERS] PostgreSQL - Weak DH group

Reply via email to