Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense weak DH vuln found with Kali

    Scheduled Pinned Locked Moved General pfSense Questions
    28 Posts 5 Posters 2.1k Views 6 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      pooperman @pooperman
      last edited by

      May I ask, if my question is just too complicated?

      1 Reply Last reply Reply Quote 0
      • NogBadTheBadN Offline
        NogBadTheBad
        last edited by NogBadTheBad

        Might help if you mention what version of pfSense your running.

        https://nmap.org/nsedoc/

        Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions < 7.32 of Drupal core are known to be affected.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          Yeah I assumed that was the previous test which failed to run.

          What key length did you generate the new key at?

          Do you see that certs being used in a browser?

          Steve

          P 1 Reply Last reply Reply Quote 0
          • P Offline
            pooperman @stephenw10
            last edited by

            latest version of pfSense. Just set this up a week ago.

            new DH is 40xx bits

            1 Reply Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz

              Not sure what your running... I don't recall tweaking any of my httpd settings on pfsense... I can fire one up out of the box on vm and scan again with ssltest..

              But have no idea where your seeing dh that low

               Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
              
              Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
              -----------------------------------------------------------------------------------------------------------------------------
               xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
               xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
               xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
               x9f     DHE-RSA-AES256-GCM-SHA384         DH 4096    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
               x6b     DHE-RSA-AES256-SHA256             DH 4096    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                
               x39     DHE-RSA-AES256-SHA                DH 4096    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
               xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
               x9e     DHE-RSA-AES128-GCM-SHA256         DH 4096    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256             
              

              Just ran ssltest against pfsense and only see the cipers that do dh all at 4096

              Only thing that comes back with possible vuln is

              LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
              

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 1
              • NogBadTheBadN Offline
                NogBadTheBad
                last edited by NogBadTheBad

                mac-pro:~ andy$ nmap --script ssl-dh-params.nse 172.16.0.1
                
                Starting Nmap 7.40 ( https://nmap.org ) at 2019-03-25 18:49 GMT
                Nmap scan report for pfsense (172.16.0.1)
                Host is up (0.0019s latency).
                Not shown: 995 filtered ports
                PORT     STATE SERVICE
                22/tcp   open  ssh
                53/tcp   open  domain
                443/tcp  open  https
                8081/tcp open  blackice-icecap
                8443/tcp open  https-alt
                | ssl-dh-params: 
                |   VULNERABLE:
                |   Diffie-Hellman Key Exchange Insufficient Group Strength
                |     State: VULNERABLE
                |       Transport Layer Security (TLS) services that use Diffie-Hellman groups
                |       of insufficient strength, especially those using one of a few commonly
                |       shared groups, may be susceptible to passive eavesdropping attacks.
                |     Check results:
                |       WEAK DH GROUP 1
                |             Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
                |             Modulus Type: Non-safe prime
                |             Modulus Source: RFC5114/1024-bit DSA group with 160-bit prime order subgroup
                |             Modulus Length: 1024
                |             Generator Length: 1024
                |             Public Key Length: 1024
                |     References:
                |_      https://weakdh.org
                
                Nmap done: 1 IP address (1 host up) scanned in 5.73 seconds
                mac-pro:~ andy$
                

                Just looked at my certs in keychain, they're all 2048

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                1 Reply Last reply Reply Quote 1
                • johnpozJ Offline
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  I will fire up a clean vm...

                   Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
                  
                   PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256
                                                DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 
                   Elliptic curves offered:     sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp256k1 prime256v1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 
                                                brainpoolP512r1 
                   DH group offered:            Unknown DH group (4096 bits)
                  

                  What are you running on pfsense that listens on 8081?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  NogBadTheBadN 1 Reply Last reply Reply Quote 1
                  • NogBadTheBadN Offline
                    NogBadTheBad @johnpoz
                    last edited by NogBadTheBad

                    @johnpoz @BBcan177

                    Ah it's DNSBL.

                    Hmmm disable DNSBL and its a pass.

                    If I look at the cert and the key size is 2048.

                    Screenshot 2019-03-25 at 19.14.03.png

                    Andy

                    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ Offline
                      johnpoz LAYER 8 Global Moderator
                      last edited by johnpoz

                      Key size is not the same has DH size... Sorry but out of the box the DH is 4096..

                      I just fired up a 2.4.4p1 clean VM... nothing more than clicking ok in the wizard and this is what the out of the box gui offers

                       Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
                      
                      Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
                      -----------------------------------------------------------------------------------------------------------------------------
                       xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
                       xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
                       xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
                       x9f     DHE-RSA-AES256-GCM-SHA384         DH 4096    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
                       x6b     DHE-RSA-AES256-SHA256             DH 4096    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                
                       x39     DHE-RSA-AES256-SHA                DH 4096    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
                       xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
                       x9e     DHE-RSA-AES128-GCM-SHA256         DH 4096    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                
                      
                      
                       Running client simulations (HTTP) via sockets 
                      
                       Android 4.2.2                No connection
                       Android 4.4.2                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Android 5.0.0                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
                       Android 6.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
                       Android 7.0                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Chrome 65 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Chrome 70 Win 10             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Firefox 59 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Firefox 62 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       IE 6 XP                      No connection
                       IE 7 Vista                   No connection
                       IE 8 Win 7                   No connection
                       IE 8 XP                      No connection
                       IE 11 Win 7                  TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit DH  (ffdhe4096)
                       IE 11 Win 8.1                TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit DH  (ffdhe4096)
                       IE 11 Win Phone 8.1          TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
                       IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Edge 13 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Edge 13 Win Phone 10         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Edge 15 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Opera 17 Win 7               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
                       Safari 9 iOS 9               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Tor 17.0.9 Win 7             No connection
                       Java 6u45                    No connection
                       Java 7u25                    No connection
                       Java 8u161                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       Java 9.0.4                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                       OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
                      
                      

                      So not sure what he is testing, but it sure isn't pfsense gui..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 1
                      • P Offline
                        pooperman
                        last edited by pooperman

                        DNSBL is also running on my pfsense

                        maybe kali checked the DNSBL cert?
                        @johnpoz thanks for rechecking!

                        NogBadTheBadN 1 Reply Last reply Reply Quote 0
                        • NogBadTheBadN Offline
                          NogBadTheBad
                          last edited by

                          @pooperman is running pfblocker as well.

                          https://forum.netgate.com/topic/141220/pfblockerng-very-slow-at-dns

                          Andy

                          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                          1 Reply Last reply Reply Quote 0
                          • NogBadTheBadN Offline
                            NogBadTheBad @pooperman
                            last edited by

                            @pooperman said in pfSense weak DH vuln found with Kali:

                            DNSBL is also running on my pfsense

                            maybe kali checked the DNSBL cert?
                            @johnpoz thanks for rechecking!

                            Yup stop DNSBL and you'll get a pass.

                            Andy

                            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                            1 Reply Last reply Reply Quote 1
                            • P Offline
                              pooperman
                              last edited by

                              just to get it right, DNSBL shall just redirect unwanted "data".
                              In order to keep integrity, it is using a cert and this cert is having insuffizient DH strength?

                              If so, according to my understanding there is actually no problem. In case someone breaks encryption it will just get all the rubbish that I do not want, correct?

                              1 Reply Last reply Reply Quote 0
                              • johnpozJ Offline
                                johnpoz LAYER 8 Global Moderator
                                last edited by

                                @pooperman said in pfSense weak DH vuln found with Kali:

                                DNSBL

                                ask @BBcan177 maybe he can shed some light on what his package is doing... If its serving up something on https, then it should be using current best practices to do so..

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.8, 24.11

                                P 1 Reply Last reply Reply Quote 1
                                • P Offline
                                  pooperman @johnpoz
                                  last edited by

                                  @johnpoz said in pfSense weak DH vuln found with Kali:

                                  @pooperman said in pfSense weak DH vuln found with Kali:

                                  DNSBL

                                  ask @BBcan177 maybe he can shed some light on what his package is doing... If its serving up something on https, then it should be using current best practices to do so..

                                  thanks for support!

                                  will an @ and the name triggers something at the users interface in this forum ie. get an altert?
                                  Or shall i contact him directly?

                                  may I ask how and where you tested the DH key size (6th post)?

                                  1 Reply Last reply Reply Quote 0
                                  • johnpozJ Offline
                                    johnpoz LAYER 8 Global Moderator
                                    last edited by

                                    The @ should send him notification of this post.

                                    The script I use to test ssl stuff is here
                                    https://github.com/drwetter/testssl.sh

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                                    1 Reply Last reply Reply Quote 1
                                    • NogBadTheBadN Offline
                                      NogBadTheBad
                                      last edited by

                                      He not been online for 11 days, I've made a post on reddit linking here.

                                      Andy

                                      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                                      BBcan177B 1 Reply Last reply Reply Quote 1
                                      • BBcan177B Offline
                                        BBcan177 Moderator @NogBadTheBad
                                        last edited by

                                        @NogBadTheBad

                                        The function that generates the cert is here:
                                        https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L1024-L1049

                                        I don't think its necessary for what the DNSBL server is serving, but you can change the settings in the code, delete the cert and then Force Update for the cert to be re-created with the new settings. If you test it successfully, let me know and I will change the code in the next release.

                                        /var/unbound/dnsbl_cert.pem
                                        

                                        "Experience is something you don't get until just after you need it."

                                        Website: http://pfBlockerNG.com
                                        Twitter: @BBcan177  #pfBlockerNG
                                        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                        1 Reply Last reply Reply Quote 1
                                        • johnpozJ Offline
                                          johnpoz LAYER 8 Global Moderator
                                          last edited by johnpoz

                                          Lets be clear is not the cert that the problem
                                          https://docs.netgate.com/pfsense/en/latest/certificates/dh-parameters.html

                                          What is pfblocker using that would be different than what the web gui is using?

                                          We are not sure what they are actually hitting when they are testing.. All I can tell you is not the pfsense web gui.

                                          So DNSBL listens on port what for SSL, you set this? 8443? How exactly does it serve this up where would it get its DH-parameters from? See the link above.

                                          [2.4.4-RELEASE][admin@sg4860.local.lan]/etc: ls -la dh*
                                          -rw-r--r--  1 root  wheel   245 Nov 17  2017 dh-parameters.1024
                                          -rw-r--r--  1 root  wheel   424 Nov 17  2017 dh-parameters.2048
                                          -rw-r--r--  1 root  wheel   595 Oct  4 08:37 dh-parameters.3072
                                          -rw-r--r--  1 root  wheel   769 Nov 17  2017 dh-parameters.4096
                                          -rw-r--r--  1 root  wheel  1115 Oct  4 08:37 dh-parameters.6144
                                          -rw-r--r--  1 root  wheel  1464 Oct  4 08:37 dh-parameters.8192
                                          

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                                          BBcan177B 1 Reply Last reply Reply Quote 0
                                          • BBcan177B Offline
                                            BBcan177 Moderator @johnpoz
                                            last edited by

                                            @johnpoz

                                            It uses lighttpd not nginx that is used by the pfSense gui:
                                            https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL

                                            Would have to add the DH params to the dnsbl lighttpd conf file:
                                            var/unbound/pfb_dnsbl_lighty.conf

                                            That file is auto created so changes will be overwritten. Don't have time to look at it atm.

                                            "Experience is something you don't get until just after you need it."

                                            Website: http://pfBlockerNG.com
                                            Twitter: @BBcan177  #pfBlockerNG
                                            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.