
Prevent the Bar Mitzvah attack on Virtual Services

Information

Summary:

This article describes how to prevent the Bar Mitzvah attack (an attack against the RC4 stream cipher in SSL/TLS) on Virtual Services (VSs).

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any application that has a protocol that supports SSL.

Question/Problem Description:

Our OWA redirect is vulnerable to the SSL Bar Mitzvah vulnerability. How do we fix this?

Steps to Reproduce: A client negotiates an RC4 cipher when it connects to the VS.
Cause: RC4 ciphers are being used by the client.
Resolution:

This can be prevented on the Virtual Service by navigating to Virtual Services > View/Modify Services > modify your desired VS.

[Screenshot: modVS.png]

Expand SSL Properties > change the Cipher Set to "Default_NoRC4" or "BestPractices".

[Screenshot: cipherSet.png]

A Custom Cipher Set that excludes RC4 can also be used by following the instructions in this article: https://support.kemptechnologies.com/hc/en-us/articles/360035631391-How-To-Create-Restore-Custom-Cipher-Sets
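To confirm that the VS no longer negotiates RC4 after the cipher set change, the following added example (not part of the Kemp article or product) parses a captured TLS ServerHello record and checks the selected cipher suite against the RC4 suite IDs from the IANA registry. The sample ServerHello bytes are constructed for illustration.

```python
import struct

# IANA cipher suite IDs that use RC4; these are the suites a
# "Default_NoRC4" / "BestPractices" cipher set must never negotiate.
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

def negotiated_suite(record: bytes) -> int:
    """Return the cipher suite ID selected in a TLS ServerHello record.

    Layout: record header (5 bytes: type 0x16, version, length),
    handshake header (4 bytes: type 0x02, length), then version (2),
    server random (32), session_id_len (1), session_id, cipher_suite (2).
    """
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    if record[5] != 0x02:
        raise ValueError("not a ServerHello")
    pos = 9 + 2 + 32            # skip version and 32-byte server random
    sid_len = record[pos]
    pos += 1 + sid_len          # skip session id length byte and session id
    return struct.unpack(">H", record[pos:pos + 2])[0]

def uses_rc4(record: bytes) -> bool:
    """True if the server selected an RC4 suite, i.e. the fix is not applied."""
    return negotiated_suite(record) in RC4_SUITES

def _server_hello(suite: int) -> bytes:
    # Constructed ServerHello with an all-zero random and empty session id.
    body = b"\x03\x01" + b"\x00" * 32 + b"\x00" + struct.pack(">H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

# Constructed samples: one server still offering RC4, one fixed VS using AES-GCM.
SAMPLE_RC4_HELLO = _server_hello(0x0005)   # TLS_RSA_WITH_RC4_128_SHA
SAMPLE_OK_HELLO = _server_hello(0xC02F)    # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

if __name__ == "__main__":
    for name, rec in (("rc4", SAMPLE_RC4_HELLO), ("fixed", SAMPLE_OK_HELLO)):
        print(name, hex(negotiated_suite(rec)), "RC4" if uses_rc4(rec) else "ok")
```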

Workaround: Locate the end user and prevent them from using RC4 ciphers.
Notes:

https://en.wikipedia.org/wiki/Bar_mitzvah_attack


Comments


Timo Reindel

Can you recommend using the "BestPractices" cipher set as well?



Bill DeCastro

Timo,

Yes, the "BestPractices" cipher set can be used as well. The article has been updated to reflect this option.
