Researchers have revealed a new, potentially high-impact vulnerability called LogJam. It is similar to the FREAK (CVE-2015-0204) vulnerability disclosed a few months ago, in which a man-in-the-middle attack can be used to weaken the encryption between client and server.

Like FREAK, the LogJam vulnerability takes advantage of legacy encryption standards imposed in the 90s by the U.S. government and tricks servers into using weaker 512-bit keys, which can be broken easily.

The vulnerability affects any server supporting DHE_EXPORT ciphers and all modern browsers.

Microsoft’s Internet Explorer was patched for this vulnerability last week, and patches for Firefox, Chrome and Safari should be available soon.

Impact & Scope

This vulnerability is a flaw in the SSL protocol and has been present for more than 20 years, affecting HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS, so the vulnerability is very widespread.

However, to take advantage of this vulnerability, an attacker needs to be on the same network as the victim, such as on the same Wi-Fi network, so there is no indication of any remote exploit capability related to this vulnerability at this time.

Remediation

System administrators should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. The researchers who identified the vulnerability have provided a detailed guide, “Guide to Deploying Diffie-Hellman for TLS,” as well as more technical details of the vulnerability on their website.
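One way to check both remediation points offline, as an added example that is not from the original post or the researchers' guide: it flags export suites in a cipher list (IANA suite names) and reads the prime size out of a PEM "DH PARAMETERS" file. The function names are hypothetical and the sample parameters are constructed for the demonstration, not taken from a real server.

```python
import base64

MIN_DH_BITS = 2048  # group size the remediation text recommends

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dh_modulus_bits(pem):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' (PKCS#3) block."""
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    tag, seq, _ = read_tlv(base64.b64decode("".join(lines)))
    if tag != 0x30:
        raise ValueError("expected DER SEQUENCE")
    tag, p, _ = read_tlv(seq)  # first element of DHParameter is INTEGER p
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def audit(cipher_suites, dh_pem):
    """List findings for enabled export suites and an undersized DH group."""
    findings = [f"export suite enabled: {c}" for c in cipher_suites if "_EXPORT" in c]
    bits = dh_modulus_bits(dh_pem)
    if bits < MIN_DH_BITS:
        findings.append(f"DH group is {bits} bits, below {MIN_DH_BITS}")
    return findings

def make_sample_pem(bits):
    """Constructed input: p is an odd number of the given size, not a real prime."""
    def tlv(tag, val):
        n = len(val)
        nb = (n.bit_length() + 7) // 8
        ln = bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")
        return bytes([tag]) + ln + val
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # 0x00 sign byte first
    der = tlv(0x30, tlv(0x02, p) + tlv(0x02, b"\x02"))
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    suites = ["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"]
    for finding in audit(suites, make_sample_pem(512)):
        print(finding)
```

A size check does not show that the group is unique to the server, so it complements rather than replaces generating fresh parameters.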

Detection of Weak Ciphers with Tripwire

Tripwire IP360 reports the presence of LogJam-affected ciphers as well as other ciphers that do not provide adequate security:

V6174 SSL Server Supports Weak Encryption for SSLv3
V79208 SSL Server Supports Weak Encryption for SSLv2
V79210 SSL Server Supports Weak Encryption for TLSv1
V81883 SSL Server Supports Weak Encryption for TLSv1.1
V81884 SSL Server Supports Weak Encryption for TLSv1.2

Additionally, IP360 provides the following detection for CVE-2015-0204: V204109, V204490, V204572, V204835, V204989, V205161, V205168, V205439, V205440, V206229, V206758, V207391.

Updates on this vulnerability, as we learn of them, can be found here: https://www.tripwire.com/vert/vert-alert/logjam/
