Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
Cipher Suite updated.
Use of Outdated Cipher Suite on NASA's Akamai Subdomain
Disclosed by VivekGoswami- Engagement National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
- Disclosed date about 1 year ago
- Priority P5 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by VivekGoswami
Vulnerability Name: Use of Outdated Cipher Suite on NASA's Akamai Subdomain
Affected URL: akama.arc.nasa.gov
Summary: The Akamai subdomain (akama.arc.nasa.gov) is utilizing an outdated cipher suite, specifically TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, under TLS 1.2. While this cipher is still considered secure, its use of CBC-mode ciphers makes it susceptible to vulnerabilities such as padding oracle attacks. As security best practices evolve, organizations are encouraged to transition to TLS 1.3, which offers stronger encryption and eliminates reliance on outdated cipher suites.
Impact: The reliance on CBC-mode ciphers can expose the server to potential security risks, making it crucial for organizations to adopt modern encryption standards to safeguard sensitive data.