Dark Reading is part of the Informa Tech Division of Informa PLC
Vulnerabilities / Threats
Logjam Encryption Flaw Threatens Secure Communications On Web

Most major browsers, websites that support export ciphers impacted

More than 80,000 of the top 1 million HTTPS domains on the Internet (about 8.4 percent) are vulnerable to Logjam, a weakness in the design of the Transport Layer Security (TLS) protocol that is used to encrypt communications between browser clients and web servers.

The new Logjam flaw is similar to the recently discovered Factoring attack on RSA-Export Keys (FREAK) flaw in that it gives attackers a way to get web servers and browsers to use weaker encryption keys than they normally use when communicating with each other.

Such downgrades can allow attackers to intercept and read the contents of supposedly secure communications in clear text. The researchers who discovered Logjam also argue that the same mathematics, applied to the 1024-bit Diffie-Hellman groups that most VPNs use, is within reach of a nation-state, and that this plausibly explains the U.S. National Security Agency's (NSA) reported ability to decrypt large volumes of VPN-protected traffic around the world.

A website created by the research team that discovered the vulnerability states that Logjam affects all modern browsers, as well as websites, mail servers, and TLS-dependent services that still support 512-bit export-grade Diffie-Hellman (the DHE_EXPORT cipher suites). While it is similar in effect to FREAK, Logjam is not an implementation flaw but a flaw in the TLS protocol itself: the server's signature on its ServerKeyExchange message covers the Diffie-Hellman parameters but not the cipher suite that was negotiated, so a client has no way to tell that a 512-bit group was the result of a DHE_EXPORT negotiation it never asked for.

Computer scientists at Inria, a French public research institution, Johns Hopkins University, Microsoft Research, the University of Michigan, and the University of Pennsylvania discovered Logjam several months ago and have been working with various client and server software developers to mitigate the threat.

Microsoft, Mozilla, and Google have all updated their browsers, and OpenSSL and Apple are expected to do the same soon, according to the researchers. On the server side, organizations such as Apache, Oracle, IBM, Cisco, and various hosting providers have been informed of the issue. Several TLS developers plan to support a new extension that will mitigate the risk of forced encryption protocol downgrades.

At the center of the Logjam problem is the continued support for weak 512-bit export-grade Diffie-Hellman by numerous websites and modern browsers. Back in the 1990s, U.S. export controls on cryptography meant that software shipped abroad by American technology firms was limited to deliberately weakened ciphers, including 512-bit keys for RSA and Diffie-Hellman.

To remain interoperable with those export builds, U.S. vendors kept support for 512-bit key exchange in their full-strength products as well.

The export restriction itself is long gone, but many widely deployed implementations still support 512-bit key exchange even though far stronger parameters have been available for years.

Logjam exploits this leftover support to trick a browser and a server into using the weaker, and consequently breakable, 512-bit key exchange. Even though both endpoints are capable of strong encryption, an attacker in the middle can steer the server into a 512-bit DHE_EXPORT exchange while the browser believes it negotiated an ordinary, non-export Diffie-Hellman suite.

“The crux of the issue here is the use of DHE_EXPORT ciphers, which uses shorter, 512-bit keying material for the Diffie-Hellman key exchange than what is normally supported and recommended today,” said Tod Beardsley, security engineering manager at Rapid7.

“While normal secure browsing will not use these ciphers by default, they are still supported by all browsers, with the notable exception of Internet Explorer, and offered by a fraction of the top one million websites,” he says.

A man-in-the-middle attacker can force a browser onto the export-grade cipher and then snoop on the communications. Cybercriminals sitting on a coffee shop Wi-Fi network would potentially be able to snoop on what others on the same network are doing, and so would state-sponsored groups, he noted.

“While Logjam is usually discussed as a browser and web server attack, there are other protocols that support DH key exchanges,” he said. These include e-mail protocols, such as secure versions of POP3, IMAP, and SMTP, and also SSH, and IPSec-based VPNs. “Clients that use these protocols also need patches to no longer support the weak key exchange, and servers need patches to no longer offer them.”
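To make the protocol point concrete, the following is an added toy model of the downgrade described above; it is not code from the Logjam researchers or from any TLS implementation. It assumes HMAC as a stand-in for the server's RSA signature, generates its own 512-bit and 1024-bit primes instead of using the real export or Apache groups, and models the TLS 1.2 handshake fields (ClientHello suite list, ServerHello suite, ServerKeyExchange) in simplified form. The `min_dh_bits` floor is the client-side fix browsers shipped: reject small primes regardless of the suite name.

```python
"""Toy model of the Logjam downgrade.  Added example, not code from the
Logjam researchers or any TLS library.  HMAC stands in for the server's RSA
signature, and the two "groups" are freshly generated primes, not the real
DHE_EXPORT or Apache primes; only the bit lengths matter here."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin, enough for generating stand-in DH moduli."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits (constructed, not a real-world group)."""
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(n):
            return n

def build_groups():
    # Toy: the "export" group is 512-bit, the normal group 1024-bit.
    return {"DHE_EXPORT": random_prime(512), "DHE_RSA": random_prime(1024)}

SERVER_KEY = b"toy server signing key"  # HMAC key standing in for the server's RSA key

@dataclass
class ServerKeyExchange:
    p: int
    g: int
    Ys: int
    signature: bytes

def signed_data(client_random, server_random, p, g, Ys):
    """TLS 1.2 signs client_random || server_random || ServerDHParams.
    The negotiated cipher suite is NOT part of the signed input."""
    params = b"|".join(v.to_bytes((v.bit_length() + 7) // 8, "big") for v in (p, g, Ys))
    return client_random + server_random + params

def sign(data):
    return hmac.new(SERVER_KEY, data, hashlib.sha256).digest()

def server_respond(offered_suites, client_random, groups):
    """Honest server: pick the first offered suite it supports, sign its params."""
    suite = next(s for s in offered_suites if s in groups)
    p, g = groups[suite], 2
    Ys = pow(g, secrets.randbelow(p - 2) + 1, p)
    server_random = secrets.token_bytes(32)
    sig = sign(signed_data(client_random, server_random, p, g, Ys))
    return suite, server_random, ServerKeyExchange(p, g, Ys, sig)

def client_accepts(offered, suite_seen, client_random, server_random, skx, min_dh_bits=0):
    """Client checks.  The last one is the post-Logjam fix browsers shipped:
    reject small DH primes no matter which suite name the handshake carries."""
    if suite_seen not in offered:
        return False
    expected = sign(signed_data(client_random, server_random, skx.p, skx.g, skx.Ys))
    if not hmac.compare_digest(expected, skx.signature):
        return False
    if skx.p.bit_length() < min_dh_bits:
        return False
    return True

def logjam_handshake(groups, min_dh_bits=0):
    """Return True if the client accepts a handshake the MITM downgraded."""
    client_random = secrets.token_bytes(32)
    client_offers = ["DHE_RSA"]          # the client never asks for export suites
    mitm_offers = ["DHE_EXPORT"]         # MITM rewrites the ClientHello suite list
    suite, server_random, skx = server_respond(mitm_offers, client_random, groups)
    assert suite == "DHE_EXPORT" and skx.p.bit_length() == 512
    # MITM rewrites the ServerHello suite back to what the client offered and
    # forwards ServerKeyExchange untouched, so the signature still verifies.
    suite_seen = client_offers[0]
    return client_accepts(client_offers, suite_seen, client_random, server_random, skx, min_dh_bits)

if __name__ == "__main__":
    groups = build_groups()
    print("unpatched client accepts downgrade:", logjam_handshake(groups))        # True
    print("client with 1024-bit floor accepts:", logjam_handshake(groups, 1024))  # False
```

In the real attack the man in the middle still has to compute the 512-bit discrete log before the handshake completes, so that it can forge the Finished messages under the derived keys; that is why the per-prime precomputation the researchers describe is what turns this protocol weakness into a practical attack.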

Another issue related to Logjam is that millions of HTTPS, SSH, and VPN servers all use the same handful of prime numbers for their Diffie-Hellman key exchanges, the researchers noted in their paper. The most expensive steps of the best known attack, the number field sieve, depend only on the prime and not on the individual connection, so an attacker who invests in breaking one widely shared prime can then cheaply compute the discrete logarithm for every connection that uses it. That concentration makes the investment especially attractive to those with the resources to make it.

For instance, after performing that precomputation against the most common 512-bit prime used for TLS, the researchers reported that they could compute the discrete logarithm for an individual connection in about a minute, and that the Logjam attack could therefore be used to downgrade connections to 80 percent of TLS servers that support export ciphers.

The researchers estimated that any academic team with average resources could break a 768-bit prime and that a nation-state could break a 1024-bit prime number used in Diffie-Hellman key exchanges. “Breaking the single most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18 percent of the Top 1 Million HTTPS domains,” they warned. Breaking a second prime would allow passive decryption of connections to 66 percent of VPN servers.
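The split between a one-off cost per prime and a cheap cost per connection is the whole reason shared primes matter. The following added example (not the researchers' code) shows that shape with baby-step giant-step rather than the number field sieve: the table depends only on the group (p, g) and is built once, after which every exchange on that prime falls to a short loop. The group p = 2^31 - 1, g = 7 and the sample exchanges are constructed for the demonstration; the real attack's ratio is far more lopsided (about a week of precomputation per 512-bit prime, then about a minute per connection), but the structure is the same.

```python
"""Why shared Diffie-Hellman primes matter.  Added example, not the
researchers' code: baby-step giant-step is split into a precomputation that
depends only on the group (p, g) and a cheap per-target step, so one table
breaks every exchange that reuses the prime.  The real attack uses the
number field sieve, where the split is far more lopsided, but the shape is
the same.  p = 2^31 - 1 and g = 7 are a small toy group."""
import math
import random


class SharedPrimeTable:
    """Per-prime precomputation: baby steps g^j for 0 <= j < m."""

    def __init__(self, p, g):
        self.p, self.g = p, g
        self.m = math.isqrt(p - 1) + 1          # ceil(sqrt(group order))
        self.baby = {}
        acc = 1
        for j in range(self.m):                 # paid once per (p, g)
            self.baby.setdefault(acc, j)
            acc = acc * g % p
        self.giant_step = pow(pow(g, self.m, p), -1, p)   # g^-m

    def discrete_log(self, y):
        """Per-target cost: at most m multiplications and dict lookups."""
        p, gamma = self.p, y % self.p
        for i in range(self.m):
            j = self.baby.get(gamma)
            if j is not None:
                return (i * self.m + j) % (p - 1)   # y == g^(i*m + j)
            gamma = gamma * self.giant_step % p
        raise ValueError("y is not in the subgroup generated by g")


def recover_shared_secret(table, Ys, Yc):
    """Passive attacker: one discrete log on the server's public value gives an
    exponent x with g^x == Ys, and K = Yc^x is the session's premaster secret."""
    x = table.discrete_log(Ys)
    return pow(Yc, x, table.p)


def demo(p=2**31 - 1, g=7, n_connections=5, seed=1):
    """Constructed sample: n_connections independent DH exchanges that all use
    the same prime.  Returns how many premaster secrets the attacker recovered."""
    rng = random.Random(seed)                   # deterministic toy exponents
    table = SharedPrimeTable(p, g)              # one-off cost for this prime
    broken = 0
    for _ in range(n_connections):
        xs, xc = rng.randrange(1, p - 1), rng.randrange(1, p - 1)
        Ys, Yc = pow(g, xs, p), pow(g, xc, p)   # the only values on the wire
        if recover_shared_secret(table, Ys, Yc) == pow(Ys, xc, p):
            broken += 1
    return broken


if __name__ == "__main__":
    print("connections broken with one table:", demo())   # 5
```

The table here is about 46,000 entries and each log takes at most 46,000 steps; for a 1024-bit prime the number field sieve's precomputation is what the researchers estimated at nation-state scale, but once done, the per-connection step is the same kind of cheap follow-up, which is what makes an 18 percent or 66 percent share of servers on one prime so valuable.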

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication.

User Rank: Apprentice
5/21/2015 | 4:03:07 AM
VPN Technology
VPN technology has many forms, so it can't be stated that this technology is traceable or attacked. For example, Business VPN from PureVPN is one of the most powerful tools for enterprises against cyber threats.

It is because it has layers of security protocols and military-grade encryption along with some hidden recipe that makes it unbreakable.