Can we get through a quarter without a major high-profile SSL vulnerability? OpenSSL regularly patches high-severity issues, but only certain vulnerabilities catch the media's fancy. Logjam adds to the list of recently discovered high-profile SSL vulnerabilities, which include Heartbleed, POODLE and FREAK, to name a few. With an estimated 8.4 percent of the top 1 million domains affected at the time of publication of this blog, this vulnerability poses a significant risk to the internet ecosystem in much the same way as its predecessors have and still do.
Exposure and Impact
The vulnerability, discovered through a joint academic effort, allows an attacker to target servers that support export ciphers in the Diffie-Hellman key exchange. This key exchange mechanism, which lets two parties negotiate a secret key in order to set up an encrypted channel, is undermined when the quality of the keys it produces is degraded. While the Diffie-Hellman key exchange was designed to be a secure method of key exchange, an attacker can force the communication to occur using weak 512-bit keys. Once the encryption strength of the communication has been weakened, attackers can use precomputed data or brute force to recover the encryption key negotiated between the two parties.
As with FREAK, the origin of the vulnerability lies in the cryptographic export restrictions placed by the U.S. government in the 1990s. At that time, breaking 512-bit encryption required resources beyond the reach of the average attacker, but breaking this level of encryption today is no longer a daunting task. Vulnerable servers are those that use the Diffie-Hellman key exchange with the DHE_EXPORT ciphers, or that run software vulnerable to CVE-2015-4000.
OpenSSH users running the latest version are not affected by this, because it uses Elliptic-Curve Diffie-Hellman key exchange. Web or mail server administrators should disable export ciphers and instead generate a unique 2048-bit Diffie-Hellman group. Average users will soon see mitigation in the form of patches from major browser vendors, who have stated that they will implement restrictive policies ensuring that the key size in use provides a sufficient level of encryption.
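As an added illustration of the two checks described above (this is example code written for this post, not Websense tooling or the researchers' code), the following Python decodes the ServerDHParams structure that a DHE server sends in its ServerKeyExchange message, rates the modulus size against the 512-bit and 2048-bit thresholds discussed, and flags export cipher suites by name. The modulus values and cipher names used as input are constructed test data, not real primes or captured traffic.

```python
import struct

# Layout of the TLS 1.2 ServerDHParams structure (RFC 5246, section 7.4.3),
# carried in the ServerKeyExchange message of a DHE handshake:
#   opaque dh_p<1..2^16-1>;  opaque dh_g<1..2^16-1>;  opaque dh_Ys<1..2^16-1>
# Each field is a 2-byte big-endian length followed by that many bytes.
FIELD_NAMES = ("dh_p", "dh_g", "dh_Ys")


def parse_server_dh_params(body):
    """Decode a ServerDHParams blob into (p, g, Ys) as Python ints.

    Raises ValueError if the structure is truncated or a length is zero,
    so a malformed capture is reported rather than silently misread.
    """
    values = []
    offset = 0
    for name in FIELD_NAMES:
        if offset + 2 > len(body):
            raise ValueError("truncated before %s length" % name)
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError("bad length %d for %s" % (length, name))
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(values)


def encode_server_dh_params(p, g, ys):
    """Inverse of parse_server_dh_params; used here only to build
    constructed test vectors (the values passed in are not real primes)."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def classify_dh_group(p):
    """Rate the DH modulus by bit length.

    512 bits or less is export grade (the Logjam target); anything under
    2048 bits is weak; 2048 bits and up matches the recommendation above.
    """
    bits = p.bit_length()
    if bits <= 512:
        return "export-grade"
    if bits < 2048:
        return "weak"
    return "acceptable"


def audit_cipher_names(names):
    """Return the cipher suites in `names` that are export suites.

    Handles OpenSSL-style names ("EXP-EDH-RSA-DES-CBC-SHA") and IANA-style
    names ("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA").
    """
    return [n for n in names if n.startswith("EXP") or "_EXPORT_" in n]


def audit_handshake(server_dh_params, offered_ciphers):
    """Combine both checks into a list of findings for one observed handshake."""
    findings = []
    p, _g, _ys = parse_server_dh_params(server_dh_params)
    rating = classify_dh_group(p)
    if rating != "acceptable":
        findings.append("%s DH modulus (%d bits)" % (rating, p.bit_length()))
    for name in audit_cipher_names(offered_ciphers):
        findings.append("export cipher suite offered: %s" % name)
    return findings


if __name__ == "__main__":
    # Constructed sample: a 512-bit modulus, as an export-grade server would send it.
    sample = encode_server_dh_params((1 << 511) | 1, 2, 5)
    print(audit_handshake(sample, ["ECDHE-RSA-AES128-GCM-SHA256",
                                   "EXP-EDH-RSA-DES-CBC-SHA"]))
```

In practice the ServerDHParams bytes would come from a packet capture or a TLS library hook, and the cipher list from the server's configuration; the thresholds are deliberately simple so that a 512-bit group is always reported, a 1024-bit group is reported as weak, and only a 2048-bit or larger group passes.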
Websense® researchers are not aware of active exploitation of this vulnerability at the time of publication of the blog, although man-in-the-middle attacks are rather commonly used in targeted attacks on journalists and high-profile international visitors, as well as by opportunistic attackers.
Websense Security Labs™ will continue to monitor the situation and provide updates as needed.
Contributors: Jose Barajas and Rajiv Motwani.