FREAK Attack


Vulnerability Description

The FREAK Attack relies on a few key pieces falling into place.

On the server side, this means that export ciphers are supported. When export ciphers are used, a 512-bit RSA key is used. This key can be factored in less than a day using popular cloud hosting services. Once this is accomplished, the attacker could then man-in-the-middle a victim using the factored key.

On the client side, an attacker must be able to force the client to accept a weak key, even if a strong cipher has been requested. This can be accomplished in clients that use OpenSSL, SChannel, and other libraries. The vulnerability that allows this has been identified with the following CVEs:

  • OpenSSL – CVE-2015-0204
  • SChannel – CVE-2015-1637
Exposure and Impact

An attacker that successfully executed this attack could man-in-the-middle a victim’s connection. Users are most susceptible when using open, public wireless networks like those found in hotels and coffee shops.

Remediation & Mitigation

This attack requires that both the server and client be vulnerable. Servers that don’t use export ciphers and clients that have been patched against the appropriate CVE are not vulnerable and would mitigate this attack.


Tripwire IP360 provides the following detection for server-side export ciphers:


SSL Server Supports Weak Encryption for SSLv3


SSL Server Supports Weak Encryption for SSLv2


SSL Server Supports Weak Encryption for TLSv1


SSL Server Supports Weak Encryption for TLSv1.1


SSL Server Supports Weak Encryption for TLSv1.2

Additionally, IP360 provides the following detection for CVE-2015-0204: V204109, V204490, V204572, V204835, V204989, V205161, V205168, V205439, V205440, V206229, V206758, V207391. This includes detection for the OpenSSL vulnerability on Debian, Ubuntu, RHEL, CentOS, OEL, SUSE, and Fedora.

Tripwire Enterprise COCR Rules for CVE-2015-0204 (FREAK Attack) Detection


SMACK: State Machine AttaCKs (original research)

Tracking the FREAK Attack

Akamai Addresses CVE 2015-0204 Vulnerability

Microsoft Security Advisory 3046015

OpenSSL Security Advisory (08 Jan 2015)


Threat Email Updates

Receive the latest Threat Alerts directly in your inbox:

Press Contacts

Cindy Valladares
Director of Corporate Communications