Categories: Breaking NewsHacking

A large number of websites and web services affected by the LogJam TLS flaw

Researchers have discovered a new  TLS vulnerability dubbed LogJam that open a large number of online services to cyber attacks.

Logjam is the name assigned to a new vulnerability that affects the Transport Layer Security (TLS) protocol putting a large number of online services at risk. Logjam vulnerability can be triggered through man-in-the-middle (MitM) attacks to downgrade connections to 512-bit export-grade cryptography.

Logjam could be exploited on the servers that support the “Diffie-Hellman key exchange” cryptographic algorithm, which is used by protocols like HTTPS, SSH, SMTPS, IPsec to negotiate a secret key and establish a secure connection.

Once the attacker downgrades encrypted connections between a user and the web server to use weaker 512-bit keys which can be easily decrypted.

The Diffie-Hellman key exchange algorithm is still used by millions of websites implementing HTTPs, Secure Shell (SSH), and virtual private network (VPN) servers.

“Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections,” explained the researchers.

The LogJam vulnerability was discovered few months ago by the crypto researcher Matthew Green along with security experts from the University of Michigan and the French research institute Inria. The team of experts has published a technical paper on the LogJam.

The experts explained that the LogJam attack is similar to the popular FREAK because it is related to support for export-grade crypto introduced by the US Government in 1990.

“Our downgrade attack is due to a protocol flaw in TLS, not an implementation bug.” explained the researcher in the paper comparing LogJam to Freak.

The researchers have verified that 8.4 percent of the Alexa top one million HTTPS domains, and 3.4 percent of the browser trusted websites are vulnerable to the LogJam attack.

The experts demonstrated that a persistent attacker like an Intelligence agency can exploit the vulnerability to conduct passive eavesdropping on connections. The researchers speculate the NSA might have exploited the LogJam to target VPNs, a hypothesis suggested by the document leaked by Edward Snowden.

“Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” researchers said.

The experts provided a Proof-of-concept (PoC) attacks for Logjam to show how to exploit the flaw to steal a user’s credentials and trick a user into downloading and executing arbitrary code.

In order to protect a system from the exploitation of the LogJam attack, experts suggest to disable support for export-grade cipher suites and ensure that a unique 2048-bit Diffie-Hellman group is generated.

IT Giants such as like Google, Microsoft and Mozilla have already updated their browser to fix the flaw, Apple is expected to patch Safari soon.

Pierluigi Paganini

(Security Affairs – LogJam, encryption)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without consent; privacy…

7 hours ago

AI in the Cloud: The Rising Tide of Security and Privacy Risks

Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise…

9 hours ago

Google fixed a Chrome vulnerability that could lead to full account takeover

Google released emergency security updates to fix a Chrome vulnerability that could lead to full…

10 hours ago

Nova Scotia Power discloses data breach after March security incident

Nova Scotia Power confirmed a data breach involving the theft of sensitive customer data after…

20 hours ago

Coinbase disclosed a data breach after an extortion attempt

Coinbase confirmed rogue contractors stole customer data and demanded a $20M ransom in a breach…

23 hours ago

U.S. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities…

1 day ago