Diffie-Hellman Key Exchange "Logjam" Vulnerability
Last Update Date: 22 May 2015 12:14
Release Date: 22 May 2015
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in the Diffie-Hellman (DH) key exchange. It allows attackers who intercept connections of protocols that rely on DH to force those connections to use ‘export-grade’ cryptography, after which the traffic can be decrypted or altered.
Impact
- Information Disclosure
System / Technologies affected
- Server and client applications that use export-grade ciphers (EC).
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- For clients:
  - Watch for the patch released by your vendor. Currently, you can check whether your browser is affected by visiting this webpage: https://weakdh.org/
- For servers:
  - If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. You can refer to this guide for details: https://weakdh.org/sysadmin.html
  - If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.
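An offline check for the two web and mail server items above (no export suites enabled, DH group of at least 2048 bits), added here as an example and not taken from the advisory or from weakdh.org. The function names, the cipher list and the sample parameters are constructed for illustration; the sample "prime" only has the right bit length and is not a real prime.

```python
import base64
import re

MIN_DH_BITS = 2048  # group size recommended in the advisory

def is_export_suite(name):
    """Export-grade suite in OpenSSL (EXP-...) or IANA (..._EXPORT_...) naming."""
    return name.startswith("EXP-") or "_EXPORT_" in name

def _read_tlv(buf, pos):
    """Parse one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_group_bits(pem):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    tag, seq, _ = _read_tlv(base64.b64decode("".join(m.group(1).split())), 0)
    ptag, p, _ = _read_tlv(seq, 0)
    if tag != 0x30 or ptag != 0x02:
        raise ValueError("not a SEQUENCE starting with INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def audit(cipher_names, dh_pem):
    findings = [f"export suite enabled: {c}" for c in cipher_names if is_export_suite(c)]
    bits = dh_group_bits(dh_pem)
    if bits < MIN_DH_BITS:
        findings.append(f"DH group is {bits} bits, below {MIN_DH_BITS}")
    return findings

def _tlv(tag, value):  # minimal DER encoder, used only to build the sample input
    n, size = len(value), (len(value).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + value

def sample_pem(bits):
    """Constructed test input: p has exactly `bits` bits but is NOT a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps it positive
    der = _tlv(0x30, _tlv(0x02, p) + _tlv(0x02, b"\x02"))
    return "-----BEGIN DH PARAMETERS-----\n" + base64.b64encode(der).decode() + "\n-----END DH PARAMETERS-----\n"

if __name__ == "__main__":  # constructed cipher list and parameters
    print(audit(["ECDHE-RSA-AES128-GCM-SHA256", "EXP-EDH-RSA-DES-CBC-SHA"], sample_pem(512)))
```

The check covers group size only; it cannot tell whether the group is unique to your server.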
Vulnerability Identifier
Source
Related Link