LiveActive security incident?Get immediate response
CVE Record

CVE-2002-20001: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary...

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This CVE describes a denial-of-service weakness in servers that still allow classic DHE key exchange. A client can make the server spend disproportionate CPU during handshakes while spending little itself. Business impact is service slowdown or outage, mainly for externally reachable services configured to permit DHE.

Executive priority

Treat this as a high-priority configuration risk for public-facing services, not as a confirmed breach indicator. The main business concern is availability: low-cost client traffic may create disproportionate server CPU load if DHE remains enabled.

Technical view

The issue is computational asymmetry in Diffie-Hellman key agreement: malicious clients send values that are not valid public keys and force expensive server modular exponentiation. The source bundle says exposure requires a server configured to allow DHE and a client able to require DHE negotiation, especially with large supported key sizes.

Likely exposure

Exposure is configuration-dependent, not tied to one named product in the CVE data. Prioritize internet-facing TLS or similar services that allow finite-field DHE, especially where larger DHE groups can be negotiated and connection throttling is weak.

Exploitation context

The CVE is not in KEV, and the provided sources do not prove active exploitation. Public DHEat/DHEater research and tooling exist, so defenders should treat the technique as publicly understood while avoiding assumptions about real-world exploitation.

Researcher notes

Evidence is strongest for the protocol weakness and configuration preconditions. The bundle does not provide CVSS, CWE mapping, a universal affected-product list, or confirmed exploitation. Validation should be environment-specific and grounded in each service's negotiated key-exchange behavior.

Mitigation direction

  • Inventory externally reachable services that still permit DHE key exchange.
  • Prefer ECDHE or other vendor-recommended key exchange settings where supported.
  • Disable DHE where business compatibility allows, following vendor guidance.
  • Apply vendor updates or configuration guidance from affected platform maintainers.
  • Use rate limits and connection controls to reduce handshake CPU exhaustion.

Validation and detection

  • Review service cipher and key-exchange configuration for DHE support.
  • Confirm whether clients can force DHE-only negotiation.
  • Check CPU, handshake, and connection metrics for abnormal negotiation load.
  • Verify vendor advisories for each exposed platform or appliance.
  • Document accepted compatibility exceptions and compensating controls.
Prepared
Confidence
medium
Sources
8

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2002-20001 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
14Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.