Skip to main content

SSL/TLS Export Cipher "Factoring RSA Export Keys" (FREAK) Vulnerability

Last Update Date: 9 Mar 2015 Release Date: 5 Mar 2015 6453 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in SSL/TLS. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered, i.e. conduct a key factoring attack to reveal the RSA private key used by the server.


Impact

  • Information Disclosure

System / Technologies affected

  • Server and client applications use export grade ciphers (EC).

For the list of affected vendors, please refer to:

http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=243585&SearchOrder=4

 


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 


Vulnerability Identifier


Source


Related Link