Sep 27, 2016
Flaw in RFC 5961 and SWEET32
Researchers have discovered a flaw in the Linux kernel's implementation of RFC 5961 challenge ACK rate limiting, part of its TCP/IP networking subsystem, that could allow an off-path attacker to inject payload into unsecured TCP connections.
In NetModule Router Software Version 18.104.22.168, the kernel has been patched to make TCP challenge ACKs less predictable (see CVE-2016-5696).
SWEET32, a new attack on TLS and VPN connections, affects older block cipher algorithms, such as Triple-DES or Blowfish, which are used to encrypt data between clients and servers.
NetModule recommends switching to AES or other stronger block ciphers.
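
The recommendation above can be checked mechanically. The following is an added example, not NetModule's code: it scans an OpenVPN-style configuration for 64-bit block ciphers and, going slightly beyond the advisory text, computes the birthday bound that makes a 64-bit block size the problem. The sample configuration, the directive set and the cipher names beyond Triple-DES and Blowfish are assumptions.

```python
import re

# 64-bit block ciphers, the class SWEET32 applies to. Triple-DES and Blowfish
# are named in the advisory; IDEA, CAST5 and RC2 are added here (assumption).
WEAK = re.compile(r"(?<![A-Z0-9])(3DES|DES|BF|BLOWFISH|IDEA|CAST5|RC2)(?![A-Z0-9])")

# Directives that carry cipher names in an OpenVPN-style config (assumption:
# the VPN is configured this way; adapt the set for other products).
DIRECTIVES = {"cipher", "data-ciphers", "ncp-ciphers", "tls-cipher"}


def is_64bit_block(name):
    """True if a cipher or cipher-suite name contains a 64-bit block cipher."""
    return bool(WEAK.search(name.upper()))


def audit(config_text):
    """Return (line_number, directive, cipher) for every weak cipher found."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) < 2 or parts[0] not in DIRECTIVES:
            continue
        for name in parts[1].split(":"):  # colon-separated cipher lists
            if is_64bit_block(name):
                findings.append((lineno, parts[0], name))
    return findings


def birthday_bound_bytes(block_bits):
    """Data encrypted under one key before a block collision becomes likely:
    about 2**(n/2) blocks of n/8 bytes each."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


# Constructed sample configuration, not taken from any real device.
SAMPLE = """\
# constructed sample
proto udp
cipher BF-CBC
data-ciphers AES-256-GCM:DES-EDE3-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-3DES-EDE-CBC-SHA
auth SHA256
"""

if __name__ == "__main__":
    for lineno, directive, name in audit(SAMPLE):
        print(f"line {lineno}: {directive} uses 64-bit block cipher {name}")
    print("64-bit bound :", birthday_bound_bytes(64) // 2**30, "GiB")
    print("128-bit bound:", birthday_bound_bytes(128) // 2**30, "GiB")
```

For a 64-bit block the bound is 32 GiB under a single key, which a long-lived TLS or VPN session can reach; for AES's 128-bit block it is far beyond practical traffic volumes.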