CVE-2023-5678 OpenSSL DH DoS Flaw Affects Azure
🟡 Medium | Source: Microsoft Security Response Center CVE-2023-5678 is a vulnerability in OpenSSL where processing a Diffie-Hellman (DH) key or parameter with an excessively large Q value can cause the application to hang, consuming significant CPU time. This creates a denial-of-service risk for any service that processes externally supplied DH parameters. Microsoft has published guidance via the MSRC as it affects components within the Azure ecosystem. Security Architect’s Take: Review any Azure services or workloads using OpenSSL for TLS/cryptographic operations and ensure OpenSSL is patched to a version addressing CVE-2023-5678. Pay particular attention to services that accept client-supplied DH parameters, and consider disabling legacy DH cipher suites where not required. ...