A new potentially high-impact vulnerability called LogJam has been revealed by researchers, which has similarities to the FREAK (CVE-2015-0204) vulnerability disclosed a few months ago, whereby a man-in-the-middle attack can be implemented to weaken the encryption between client and server.
Like FREAK, the LogJam vulnerability takes advantage of legacy encryption standards imposed in the 90s by the U.S. government and tricks servers into using weaker 512-bit keys, which can be decrypted easily.
The vulnerability affects any server supporting DHE_EXPORT ciphers and all modern browsers.
Microsoft’s Internet Explorer was patched for this vulnerability last week and patches for Firefox, Chrome and Safari patches should be available soon.
Impact & Scope
This vulnerability is a flaw in the SSL protocol and has been present for more than 20 years, affecting HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS, so the vulnerability is very widespread.
However, to take advantage of this vulnerability, an attacker needs to be on the same network as the victim, such as on the same Wi-Fi network, so there is no indication of any remote exploit capability related to this vulnerability at this time.
Remediation
System administrators should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. The researchers who identified the vulnerability have provided a detailed guide “Guide to Deploying Diffie-Hellman for TLS,” as well as more technical details of the vulnerability on their website.
Source : THE STATE OF SECURITY
25 April 2022
25 April 2022
25 April 2022
25 April 2022
25 April 2022
25 April 2022
25 April 2022
04 December 2020
© 2011-2024 All rights reserved
