Pierluigi Paganini May 21, 2015

Researchers have discovered a new  TLS vulnerability dubbed LogJam that open a large number of online services to cyber attacks.

Logjam is the name assigned to a new vulnerability that affects the Transport Layer Security (TLS) protocol putting a large number of online services at risk. Logjam vulnerability can be triggered through man-in-the-middle (MitM) attacks to downgrade connections to 512-bit export-grade cryptography.

Logjam could be exploited on the servers that support the “Diffie-Hellman key exchange” cryptographic algorithm, which is used by protocols like HTTPS, SSH, SMTPS, IPsec to negotiate a secret key and establish a secure connection.

Once the attacker downgrades encrypted connections between a user and the web server to use weaker 512-bit keys which can be easily decrypted.

The Diffie-Hellman key exchange algorithm is still used by millions of websites implementing HTTPs, Secure Shell (SSH), and virtual private network (VPN) servers.

“Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections,” explained the researchers.

The LogJam vulnerability was discovered few months ago by the crypto researcher Matthew Green along with security experts from the University of Michigan and the French research institute Inria. The team of experts has published a technical paper on the LogJam.

The experts explained that the LogJam attack is similar to the popular FREAK because it is related to support for export-grade crypto introduced by the US Government in 1990.

“Our downgrade attack is due to a protocol flaw in TLS, not an implementation bug.” explained the researcher in the paper comparing LogJam to Freak.

The researchers have verified that 8.4 percent of the Alexa top one million HTTPS domains, and 3.4 percent of the browser trusted websites are vulnerable to the LogJam attack.

The experts demonstrated that a persistent attacker like an Intelligence agency can exploit the vulnerability to conduct passive eavesdropping on connections. The researchers speculate the NSA might have exploited the LogJam to target VPNs, a hypothesis suggested by the document leaked by Edward Snowden.

“Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” researchers said.

The experts provided a Proof-of-concept (PoC) attacks for Logjam to show how to exploit the flaw to steal a user’s credentials and trick a user into downloading and executing arbitrary code.

In order to protect a system from the exploitation of the LogJam attack, experts suggest to disable support for export-grade cipher suites and ensure that a unique 2048-bit Diffie-Hellman group is generated.

IT Giants such as like Google, Microsoft and Mozilla have already updated their browser to fix the flaw, Apple is expected to patch Safari soon.

Pierluigi Paganini

(Security Affairs – LogJam, encryption)