Logjam Encryption Flaw Threatens Secure Communications On Web

Most major browsers, websites that support export ciphers impacted

More than 80,000 of the top 1 million HTTPS domains on the Internet are vulnerable to a bug in the basic design of the Transport Layer Security (TLS) protocol that is used to encrypt communications between browser clients and web servers.

The new Logjam flaw is similar to the recently discovered Factoring attack on RSA-Export Keys (FREAK) flaw in that it gives attackers a way to get web servers and browsers to use weaker encryption keys than they normally use when communicating with each other.

Such downgrades can allow attackers to intercept and read the contents of supposedly secure communications in clear text. According to the security researchers who discovered Logjam, it is quite likely that the U.S. National Security Agency (NSA) exploited the flaw to attack and snoop on VPN-protected communications around the world.

A website created by the research team that discovered the vulnerability states that Logjam affects all modern browsers, as well as websites, mail servers, and TLS-dependent services that still support 512-bit export-grade ciphers. While it is similar in effect to FREAK, Logjam is not an implementation flaw, but a flaw in the actual TLS protocol itself.

Computer scientists at Inria, a French public research institution, Johns Hopkins University, Microsoft Research, the University of Michigan, and the University of Pennsylvania discovered Logjam several months ago and have been working with various client and server software developers to mitigate the threat.

Microsoft, Mozilla, and Google have all updated their browsers, and OpenSSL and Apple are expected to do the same soon, according to the researchers. On the server side, organizations such as Apache, Oracle, IBM, Cisco, and various hosting providers have been informed of the issue. Several TLS developers plan to support a new extension that will mitigate the risk of forced encryption protocol downgrades.

At the center of the Logjam problem is the continued support for weak 512-bit export ciphers by numerous websites and modern browsers. Back in the 1990s, U.S. government concerns over other countries having access to strong encryption technologies meant that most of the software shipped abroad by American technology firms supported only 512-bit encryption keys.

U.S. technology companies using strong encryption tools, however, included support in their products for 512-bit keys in order to maintain backwards compatibility with products being used overseas.

The encryption restriction itself is long gone. But many commonly used technologies on the net still include support for 512-bit encryption, though much stronger cryptographic protocols are available currently.

The Logjam flaw takes advantage of this fact to trick web browsers and servers into using the weaker, and consequently more easily compromised, encryption standard when communicating with each other. Though the client browser and server might both be capable of strong encryption, the TLS flaw gets them to use the 512-bit encryption while the browser still believes it is using strong encryption.

“The crux of the issue here is the use of DHE_EXPORT ciphers, which use shorter, 512-bit keying material for the Diffie-Hellman key exchange than what is normally supported and recommended today,” said Tod Beardsley, security engineering manager at Rapid7.

“While normal secure browsing will not use these ciphers by default, they are still supported by all browsers, with the notable exception of Internet Explorer, and offered by a fraction of the top one million websites,” he said.

A man-in-the-middle attacker can get a browser to use the export-grade cipher and then snoop on the communications. Cybercriminals sitting in a coffee shop with a WiFi network would potentially be able to snoop on what others on the same network are doing, and so too would state-sponsored groups, he noted.

“While Logjam is usually discussed as a browser and web server attack, there are other protocols that support DH key exchanges,” he said. These include e-mail protocols, such as secure versions of POP3, IMAP, and SMTP, and also SSH, and IPSec-based VPNs. “Clients that use these protocols also need patches to no longer support the weak key exchange, and servers need patches to no longer offer them.”

Another issue related to Logjam is that millions of HTTPS, SSH, and VPN servers all use the same set of prime numbers for exchanging keys during the initial handshake between a client browser and web server, the researchers noted in their paper. This makes it easier to break the keys, especially for those with the resources to do so, they noted.

For instance, by using a specific encryption-breaking algorithm against the most common 512-bit prime numbers used for TLS, the researchers said they were able to demonstrate that the Logjam attack could be used to downgrade connections to 80 percent of TLS servers that support export ciphers.

The researchers estimated that any academic team with average resources could break a 768-bit prime and that a nation-state could break a 1024-bit prime number used in Diffie-Hellman key exchanges. “Breaking the single most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18 percent of the Top 1 Million HTTPS domains,” they warned. Breaking a second prime would allow passive decryption of connections to 66 percent of VPN servers.
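The weak keying material in the two passages above is visible in the Diffie-Hellman parameters a server sends during the handshake. As an added example, not code from the article or from the Logjam researchers, the following Python parses the ServerDHParams at the start of a TLS 1.2 DHE ServerKeyExchange body, reports the prime length, and maps it to the risk tiers the article describes; the sample message is constructed inline (its 512-bit "prime" is a stand-in, not a real prime), and the bit-length thresholds are assumptions.

```python
import struct
from hashlib import sha256

# Assumed thresholds for this example (a policy choice, not from the article).
EXPORT_MAX_BITS = 512       # the DHE_EXPORT keying material the article describes
MIN_ACCEPTABLE_BITS = 2048  # what a hardened server should negotiate today

def _read_vector(buf: bytes, pos: int):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte length prefix, then body."""
    if pos + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack("!H", buf[pos:pos + 2])
    pos += 2
    if length == 0 or pos + length > len(buf):
        raise ValueError("bad vector length")
    return buf[pos:pos + length], pos + length

def parse_dhe_server_key_exchange(body: bytes) -> dict:
    """Parse ServerDHParams (dh_p, dh_g, dh_Ys; RFC 5246 section 7.4.3) from the
    start of a DHE ServerKeyExchange body; the trailing signature is ignored."""
    p_bytes, pos = _read_vector(body, 0)
    g_bytes, pos = _read_vector(body, pos)
    ys_bytes, _ = _read_vector(body, pos)
    return {
        "p_bits": int.from_bytes(p_bytes, "big").bit_length(),
        "g": int.from_bytes(g_bytes, "big"),
        "ys_bits": int.from_bytes(ys_bytes, "big").bit_length(),
        # A fingerprint lets a defender spot the same group reused across hosts.
        "p_fingerprint": sha256(p_bytes).hexdigest()[:16],
    }

def classify_dh_group(p_bits: int) -> str:
    """Map the prime length to the risk tiers the article describes."""
    if p_bits <= EXPORT_MAX_BITS:
        return "export-grade"
    if p_bits < MIN_ACCEPTABLE_BITS:
        return "weak"           # 768/1024-bit: academic or nation-state reach
    return "acceptable"

def _vec(b: bytes) -> bytes:
    return struct.pack("!H", len(b)) + b

# Constructed sample: a 512-bit stand-in for dh_p (NOT a real prime), g = 2,
# a 512-bit public value, then four zero bytes standing in for the signature.
SAMPLE_P = (1 << 511) | 0x1234567
SAMPLE_BODY = (_vec(SAMPLE_P.to_bytes(64, "big")) + _vec(b"\x02")
               + _vec((1 << 510).to_bytes(64, "big")) + b"\x00" * 4)
```

Calling `classify_dh_group(parse_dhe_server_key_exchange(SAMPLE_BODY)["p_bits"])` on the constructed message returns "export-grade"; comparing `p_fingerprint` across a fleet shows which hosts share one group.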

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication.

User Rank: Apprentice
5/21/2015 | 4:03:07 AM
VPN Technology
VPN technology has many forms, so it can't be stated that this technology is traceable or attacked. For example, Business VPN from PureVPN is one of the most powerful tools for enterprises against cyber threats.

It is because it has layers of security protocols and military-grade encryption along with some hidden recipe that makes it unbreakable.