CVE-2002-20001 PoC — Diffie-Hellman Key Agreement Protocol Resource Management Error Vulnerability

Source
Associated Vulnerability
Title: Diffie-Hellman Key Agreement Protocol Resource Management Error Vulnerability (CVE-2002-20001)
Description: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Description
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
Readme
# D(HE)ater

D(HE)ater is the proof-of-concept implementation of the D(HE)at attack
([CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)). For further information about the
attack, visit the [project page](https://dheatattack.gitlab.io/dheater) or read the
[full technical paper](https://ieeexplore.ieee.org/document/10374117) on
[IEEE Access](https://ieeeaccess.ieee.org/).

## License

The code is available under the terms of the Apache License, Version 2.0.
A non-comprehensive but straightforward description, along with the full license text, can be found on the
[Choose an open source license](https://choosealicense.com/licenses/apache-2.0/) website.

## Credits

D(HE)ater uses [CryptoLyzer](https://gitlab.com/coroner/cryptolyzer) to check DHE support of TLS/SSH
services and also to generate the traffic necessary to perform the D(HE)at attack.
File Snapshot

[4.0K] /data/pocs/23ee15d55b13765f5facc55fdf80a83ac2a52361
├── [4.0K] data
│   ├── [ 429] dhparam-ffdhe-2048-openssl-225.pem
│   ├── [ 424] dhparam-ffdhe-2048.pem
│   ├── [ 604] dhparam-ffdhe-3072-openssl-275.pem
│   ├── [ 595] dhparam-ffdhe-3072.pem
│   ├── [ 774] dhparam-ffdhe-4096-openssl-325.pem
│   ├── [ 769] dhparam-ffdhe-4096.pem
│   ├── [1.1K] dhparam-ffdhe-6144-openssl-375.pem
│   ├── [1.1K] dhparam-ffdhe-6144.pem
│   ├── [1.4K] dhparam-ffdhe-8192-openssl-400.pem
│   ├── [1.4K] dhparam-ffdhe-8192.pem
│   ├── [ 429] dhparam-modp-2048-openssl-225.pem
│   ├── [ 424] dhparam-modp-2048.pem
│   ├── [ 604] dhparam-modp-3072-openssl-275.pem
│   ├── [ 595] dhparam-modp-3072.pem
│   ├── [ 774] dhparam-modp-4096-openssl-325.pem
│   ├── [ 769] dhparam-modp-4096.pem
│   ├── [1.1K] dhparam-modp-6144-openssl-375.pem
│   ├── [1.1K] dhparam-modp-6144.pem
│   ├── [1.4K] dhparam-modp-8192-openssl-400.pem
│   └── [1.4K] dhparam-modp-8192.pem
├── [ 4] dev-requirements.txt
├── [4.0K] dheater
│   ├── [ 24K] __main__.py
│   └── [ 380] __setup__.py
├── [ 255] Dockerfile
├── [4.0K] fail2ban
│   ├── [ 301] apache-ssl.conf
│   └── [ 573] dovecot-ssl.conf
├── [ 11K] LICENSE.txt
├── [ 38] MANIFEST.in
├── [ 857] README.md
├── [ 42] requirements.txt
├── [2.7K] setup.py
├── [4.0K] test
│   ├── [ 0] __init__.py
│   └── [ 886] test_tls.py
├── [4.0K] tools
│   └── [1.6K] dh_param_priv_key_size_setter
└── [ 518] tox.ini

5 directories, 35 files