{"id":3914,"date":"2015-05-21T02:01:53","date_gmt":"2015-05-20T18:01:53","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3914"},"modified":"2015-09-09T19:36:37","modified_gmt":"2015-09-09T11:36:37","slug":"the-logjam-attack-another-critical-tls-weakness","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/05\/the-logjam-attack-another-critical-tls-weakness\/","title":{"rendered":"The Logjam Attack – ANOTHER Critical TLS Weakness"},"content":{"rendered":"
So it seems SSL\/TLS has not been having a good time lately, alongside Heartbleed<\/a> and POODLE<\/a> we now have the Logjam attack.<\/p>\n It’s somewhat similar to the FREAK attack<\/a> earlier this year, but that attacked the RSA key exchange and was due to an implementation vulnerability rather than Logjam which attacks the Diffie-Hellman key exchange as is due to a flaw in the TLS protocol.<\/p>\n <\/p>\n The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.<\/p><\/blockquote>\n Source – weakdh.org<\/a><\/p>\n