When an SSL/TLS connection is established using a Diffie-Hellman (DH) modulus of 1024 bits or less, an attacker could find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
How to detect the vulnerability?
nmap -Pn -p 443 --script ssl-dh-params <IP-address>
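To triage results from several hosts or ports, the script output can be parsed for DH groups at or below the 1024-bit threshold. This is an added example, not part of the original page; the sample output is constructed, and its layout and field names ("Cipher Suite", "Modulus Length") are assumed to match what the ssl-dh-params script prints.

```python
import re

# Constructed sample (not a real scan). Layout and field names are assumed to
# follow what nmap's ssl-dh-params script prints; abridged for brevity.
SAMPLE_OUTPUT = """\
443/tcp  open  https
| ssl-dh-params:
|   VULNERABLE:
|   Diffie-Hellman Key Exchange Insufficient Group Strength
|     Check results:
|       WEAK DH GROUP 1
|             Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|             Modulus Length: 1024
|_            Public Key Length: 1024
8443/tcp open  https-alt
| ssl-dh-params:
|   VULNERABLE:
|   Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam)
|     Check results:
|       EXPORT-GRADE DH GROUP 1
|             Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
|             Modulus Length: 512
|_            Public Key Length: 512
"""

WEAK_BITS = 1024  # threshold from the text: DH <= 1024 bits
PORT = re.compile(r"^(\d+)/tcp\s+open")
FIELD = re.compile(r"^\|[_ ]\s+(Cipher Suite|Modulus Length):\s*(\S+)")


def weak_dh_findings(nmap_text, threshold=WEAK_BITS):
    """Return [(port, cipher_suite, modulus_bits)] for DH groups <= threshold."""
    findings, port, suite = [], None, None
    for line in nmap_text.splitlines():
        m = PORT.match(line)
        if m:  # a new port section starts; forget the previous cipher suite
            port, suite = int(m.group(1)), None
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Cipher Suite":
            suite = value
        elif value.isdigit() and int(value) <= threshold:
            findings.append((port, suite, int(value)))
    return findings
```

Calling weak_dh_findings() on saved scan output returns one tuple per weak group, which can feed a remediation ticket or a re-scan check after the fix below is applied.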
How to fix vulnerable systems?
1. Navigate to the following path in the Registry.
2. Create a new subkey named Diffie-Hellman, if it doesn't already exist.
3. Create a DWORD called Enabled and set its value to 0.