Logjam, another SSL vulnerability

The Diffie-Hellman protocol, used for key exchangement by others such as HTTPS, SSH IPSec and any other based on TLS, is affected by a vulnerability that allows a MITM attacker downgrade cyphering level to 512 bits. With this security level and using precomputed data, it is possible to quickly guess the key exchanged. This vulnerability reminds of FREAK is not dueto an error in implementation but to an error in TLS protocol.

References:

20/05/2015 weakdh.org The Logjam Attack
20/05/2015 thenextweb.com There’s a new problem with SSL called “Logjam”, here’s what you need to know
20/05/2015 omicrono.com Todo lo que necesitas saber de Logjam, la nueva vulnerabilidad en SSL
21/05/2015 incibe.es Vulnerabilidad en la negociación de claves DH en TLS

Tags:

SSL/TLS

Vulnerability

Corporate access

Logjam, another SSL vulnerability