DES and Triple DES ciphers “Sweet32”

Apr 21, 2023

HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack

Summary

TeraStation TS7010/TS6000/TS5020/TS3020 were released with day-one code to address this issue. TS5010/TS3010 modifications to address this were released in firmware 4.32.

Vulnerability ID	Vulnerability Overview
CVE-2016-2183	The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Affected Supported TeraStations

TS5010 / TS3010

Back to Security Notices

Date	Description
4/10/2023	Initial release

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Case Studies

Blog & Helpful Tips

White Papers

Data Security

Webinars

Latest Article

Buffalo Americas Announces FIPS 140 CAVP Validation for Cryptographic Security on TeraStation 5020 and 7010 Series Network Storage

Get Support

Forums

Knowledge Base

Data Recovery

Security Notices

Warranty Information

DES and Triple DES ciphers “Sweet32”

HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack