Advice
Yet another web encryption vulnerability identified: LogJam | Storm Internet
A new vulnerability known as LogJam has been identified by an international group of security researchers with similarities to the FREAK vulnerability, it was actually discovered during follow up investigations of the FREAK attack. FREAK was discovered in March, where a man-in-the-middle attack can be implemented to weaken the encryption between the client and server. It basically affects the encryption of browser data, allowing the attacker to read and modify any data passed over the connection, such as payment card information, usernames and passwords.
LogJam affects the Diffie-Hellman key exchange, a cryptographic algorithm, and tricks servers and browsers into believing they’ve chosen the strongest method of encryption when they’re actually using weaker 512-bit keys, an older and less secure method of encryption which can be easily decrypted. Potentially LogJam can affect anything using communication services including SSH or the newer version TLS, so it is very widespread.
The attack can be carried out in places which offer public wifi where the attacker can inject themselves into communications between the client and server, known as a man-in-the-middle (MITM) attack. If the attacker can gain access to the same wired network as the client they can also intercept network traffic.
LogJam affects any server which supports DHE-EXPORT ciphers and all modern browsers. Microsoft have already patched Internet Explorer and Firefox, Chrome and Safari are aware of the issue and patches for these browsers should be available soon.
Tips to avoid this happening to you
- If you run a web or mail server you should disable support for cipher suites and generate a unique 2048-bit Diffie-Hellman group, you can find a guide for deploying this here. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.
- If you use a browser ensure you have the most recent version installed and check for updates frequently.
- If you’re a sysadmin or developer ensure any TLS libraries you use are up-to-date and that you reject Diffie-Hellman Groups smaller than 1024-bit.
For more information on how we can help you with any security issues you may have please visit our website or speak with one of our security advisors on 0800 817 4727
Speak with a Storm Expert
Please leave us your details and we'll be in touch shortly
A Trusted Partner