Logjam, another SSL vulnerability
The Diffie-Hellman protocol, used for key exchange by protocols such as HTTPS, SSH, IPsec and any others based on TLS, is affected by a vulnerability that allows a MITM attacker to downgrade the encryption level to 512 bits. At this security level, and using precomputed data, it is possible to quickly recover the exchanged key. This vulnerability is reminiscent of FREAK, but it is not due to an implementation error; it is due to a flaw in the TLS protocol itself.
References:
- 20/05/2015 weakdh.org The Logjam Attack
- 20/05/2015 thenextweb.com There’s a new problem with SSL called “Logjam”, here’s what you need to know
- 20/05/2015 omicrono.com Todo lo que necesitas saber de Logjam, la nueva vulnerabilidad en SSL
- 21/05/2015 incibe.es Vulnerabilidad en la negociación de claves DH en TLS