View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0007573Kali LinuxNew Tool Requestspublic2022-02-09 16:242022-03-25 13:42
Reportercoroner Assigned To 
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionwon't fix 
Summary0007573: DHEater - proof of concept implementation of CVE-2002-20001
Description

[Name]
DHEater

[Version]
v0.3.2

[Homepage]
https://github.com/Balasys/dheater

[Download]
https://github.com/Balasys/dheater

[Author]
Szilárd Pfeiffer (Balasys)

[Licence]
Apache-2.0 License

[Description]
D(HE)ater is an attacking tool based on CPU heating in that it forces the ephemeral variant of Diffie-Hellman key exchange (DHE) in given cryptography protocols (e.g., TLS, SSH). It is performed without calculating a cryptographically correct ephemeral key on the client-side but with a significant amount of calculation on the server-side. Based on this, a denial-of-service (DoS) attack can be initiated, called D(HE)at attack (CVE-2002-20001).

[Dependencies]
attrs>=19.2.0
cryptoparser>=0.8.0,<0.9.0
cryptolyzer>=0.8.0,<0.9.0
urllib3

[Similar tools]

[Activity]

Project start: 2021
Actively maintained: yes

[How to install]
pip install dheater
docker pull balasys/dheater

[How to use]
dheat --protocol tls ecc256.badssl.com
dheat --protocol ssh ecc256.badssl.com

docker run --tty --rm balasys/dheater --protocol tls ecc256.badssl.com
docker run --tty --rm balasys/dheater --protocol ssh ecc256.badssl.com

[Packaged]
Yes
https://build.opensuse.org/package/show/home:pfeiffersz:dheater:0:3:2/dheater

Activities

g0tmi1k

g0tmi1k

2022-03-25 13:42

administrator   ~0015943

This would be better on Exploit-DB

Issue History

Date Modified Username Field Change
2022-02-09 16:24 coroner New Issue
2022-03-25 13:42 g0tmi1k Status new => closed
2022-03-25 13:42 g0tmi1k Resolution open => won't fix
2022-03-25 13:42 g0tmi1k Note Added: 0015943