Yaws through 2.0.2 and/or 2.0.7 is affected by CVE-2020-12872, which involves the loading of obsolete TLS ciphers, potentially allowing Sweet32 attacks.
Understanding CVE-2020-12872
This CVE affects Yaws, a web server written in Erlang.
What is CVE-2020-12872?
CVE-2020-12872 relates to the loading of outdated TLS ciphers in Yaws, potentially exposing it to Sweet32 attacks when running on specific Erlang/OTP virtual machine versions.
The Impact of CVE-2020-12872
The vulnerability could lead to security compromises, enabling attackers to exploit the obsolete ciphers and launch Sweet32 attacks.
Technical Details of CVE-2020-12872
Yaws versions through 2.0.2 and 2.0.7 are susceptible to this vulnerability.
Vulnerability Description
The issue arises from the loading of outdated TLS ciphers in the yaws_config.erl file.
Affected Systems and Versions
Exploitation Mechanism
Attackers can exploit the obsolete TLS ciphers to carry out Sweet32 attacks on vulnerable systems.
Mitigation and Prevention
It is crucial to take immediate action to address and prevent potential exploits.
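One way to check a configured cipher list for the suites Sweet32 depends on (64-bit block ciphers such as 3DES) is sketched below. It is an added example, not code from Yaws or from this page. The function names and the sample cipher lists are constructed for illustration, and the Erlang-style tuple notation in one sample is an assumption about how the list is written.

```python
import re

# 64-bit block ciphers that can appear in TLS suites, keyed by the name tokens
# that identify them in IANA, OpenSSL and Erlang-style suite names.
# Order matters: "DES-CBC3-SHA" contains the token DES but is 3DES.
SWEET32_TOKENS = {
    "3DES": {"3DES", "CBC3"},
    "DES": {"DES", "DES40"},
    "IDEA": {"IDEA"},
    "RC2": {"RC2"},
}

def sweet32_cipher(suite):
    """Return the 64-bit block cipher a suite name uses, or None."""
    tokens = {t for t in re.split(r"[^0-9A-Za-z]+", suite.upper()) if t}
    for cipher, markers in SWEET32_TOKENS.items():
        if tokens & markers:
            return cipher
    return None

def split_suites(text):
    """Split an OpenSSL 'A:B:C' string, a whitespace/comma separated list,
    or an Erlang-style list of {Kex, Cipher, Mac} tuples into suite names."""
    tuples = re.findall(r"\{[^{}]*\}", text)
    if tuples:
        return tuples
    return [s for s in re.split(r"[:\s,]+", text) if s]

def audit(text):
    """Return [(suite, cipher)] for every suite that uses a 64-bit block cipher."""
    return [(s, c) for s in split_suites(text) if (c := sweet32_cipher(s))]

# Constructed sample inputs (not taken from any real configuration).
OPENSSL_LIST = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:RC4-SHA:DES-CBC-SHA"
ERLANG_LIST = "[{ecdhe_rsa,aes_256_gcm,sha384}, {rsa,'3des_ede_cbc',sha}, {dhe_rsa,des_cbc,sha}]"
IANA_LIST = "TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_AES_128_GCM_SHA256 TLS_RSA_WITH_IDEA_CBC_SHA"

if __name__ == "__main__":
    for label, sample in (("openssl", OPENSSL_LIST),
                          ("erlang", ERLANG_LIST),
                          ("iana", IANA_LIST)):
        for suite, cipher in audit(sample):
            print(f"{label}: remove {suite} ({cipher}, 64-bit block cipher)")
```

RC4 suites are not reported because RC4 is a stream cipher and outside Sweet32; a broader obsolete-cipher check would need its own rule for them.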
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates