
Logjam Encryption Flaw Threatens Secure Communications On Web

Most major browsers, websites that support export ciphers impacted

More than 80,000 of the top 1 million HTTPS domains on the Internet are vulnerable to a bug in the basic design of the Transport Layer Security (TLS) protocol that is used to encrypt communications between browser clients and web servers.

The new Logjam flaw is similar to the recently discovered Factoring attack on RSA-Export Keys (FREAK) flaw in that it gives attackers a way to get web servers and browsers to use weaker encryption keys than they normally use when communicating with each other.

Such downgrades can allow attackers to intercept and read the contents of supposedly secure communications in clear text. According to the security researchers who discovered Logjam, it is quite likely that the U.S. National Security Agency (NSA) exploited the flaw to attack and snoop on VPN-protected communications around the world.

A website created by the research team that discovered the vulnerability states that Logjam affects all modern browsers, as well as websites, mail servers, and TLS-dependent services that still support 512-bit export-grade ciphers. While it is similar in effect to FREAK, Logjam is not an implementation flaw, but a flaw in the actual TLS protocol itself.

Computer scientists at Inria, a French public research institution, Johns Hopkins University, Microsoft Research, the University of Michigan, and the University of Pennsylvania discovered Logjam several months ago and have been working with various client and server software developers to mitigate the threat.

Microsoft, Mozilla, and Google have all updated their browsers, and OpenSSL and Apple are expected to do the same soon, according to the researchers. On the server side, organizations such as Apache, Oracle, IBM, Cisco, and various hosting providers have been informed of the issue. Several TLS developers plan to support a new extension that will mitigate the risk of forced encryption protocol downgrades.

At the center of the Logjam problem is the continued support for weak 512-bit export ciphers by numerous websites and modern browsers. Back in the 1990s, U.S. government concerns over other countries having access to strong encryption technologies meant that most of the software shipped abroad by American technology firms supported only 512-bit encryption keys.

U.S. technology companies using strong encryption tools, however, included support in their products for 512-bit keys in order to maintain backwards compatibility with products being used overseas.

The encryption restriction itself is long gone. But many commonly used technologies on the net still include support for 512-bit encryption, even though much stronger cryptography is available today.

The Logjam flaw basically takes advantage of this fact to trick web browsers and servers into using the weaker, and consequently more easily compromised, encryption standard when communicating with each other. Though the client browser and server might both be capable of strong encryption, the TLS flaw gets them to use 512-bit encryption while the browser believes it is using strong encryption.

“The crux of the issue here is the use of DHE_EXPORT ciphers, which use shorter, 512-bit keying material for the Diffie-Hellman key exchange than what is normally supported and recommended today,” said Tod Beardsley, security engineering manager at Rapid7.

“While normal secure browsing will not use these ciphers by default, they are still supported by all browsers, with the notable exception of Internet Explorer, and offered by a fraction of the top one million websites,” he said.

A man-in-the-middle attacker can get a browser to use the export-grade cipher and then snoop on the communications. Cybercriminals sitting in a coffee shop with a WiFi network would potentially be able to snoop on what others on the same network are doing, and so too would state-sponsored groups, he noted.

“While Logjam is usually discussed as a browser and web server attack, there are other protocols that support DH key exchanges,” he said. These include e-mail protocols, such as secure versions of POP3, IMAP, and SMTP, and also SSH, and IPSec-based VPNs. “Clients that use these protocols also need patches to no longer support the weak key exchange, and servers need patches to no longer offer them.”

Another issue related to Logjam is that millions of HTTPS, SSH, and VPN servers all use the same set of prime numbers for exchanging keys during the initial handshake between a client browser and web server, the researchers noted in their paper. This makes it easier to break the keys, especially for those with the resources to do so, they noted.

For instance, by using a specific encryption-breaking algorithm against the most common 512-bit prime numbers used for TLS, the researchers said they were able to demonstrate that the Logjam attack could be used to downgrade connections to 80 percent of TLS servers that support export ciphers.

The researchers estimated that any academic team with average resources could break a 768-bit prime and that a nation-state could break a 1024-bit prime number used in Diffie-Hellman key exchanges. “Breaking the single most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18 percent of the Top 1 Million HTTPS domains,” they warned. Breaking a second prime would allow passive decryption of connections to 66 percent of VPN servers.
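The downgrade Beardsley describes and the prime-size tiers the researchers give above both come down to one server-side artifact: the Diffie-Hellman parameters in the TLS ServerKeyExchange message and the DHE_EXPORT suites a server is willing to offer. The following is an added example, not code from the article or the Logjam researchers, that parses the ServerDHParams structure (RFC 5246), rates the modulus size against the 512/768/1024-bit tiers quoted in the article, and scans an offered cipher-suite list for the export DH suites; the sample handshake bytes are constructed, and the 512-bit modulus is not a real prime.

```python
import struct

# IANA cipher-suite codes for the export-grade DH/DHE suites (RFC 4346, A.5).
DH_EXPORT_SUITES = {
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def parse_server_dh_params(blob):
    """Parse ServerDHParams (RFC 5246 section 7.4.3): three length-prefixed
    opaque fields dh_p, dh_g, dh_Ys. Returns (p, g, Ys) as integers."""
    fields, off = [], 0
    for _ in range(3):
        (length,) = struct.unpack_from("!H", blob, off)
        off += 2
        if length == 0 or off + length > len(blob):
            raise ValueError("truncated ServerDHParams")
        fields.append(int.from_bytes(blob[off:off + length], "big"))
        off += length
    return tuple(fields)

def classify_dh_prime(p):
    """Rate a DH modulus by the tiers the article quotes: 512-bit export
    primes are the Logjam target, 768-bit is within reach of an academic
    team, 1024-bit within reach of a nation-state. Returns (bits, verdict)."""
    bits = p.bit_length()
    if bits <= 512:
        return bits, "export-grade: Logjam-breakable"
    if bits <= 768:
        return bits, "weak: academic-team breakable"
    if bits <= 1024:
        return bits, "at risk: nation-state breakable"
    return bits, "ok"

def find_export_suites(cipher_codes):
    """Return names of export DH suites among 16-bit cipher-suite codes."""
    return [DH_EXPORT_SUITES[c] for c in cipher_codes if c in DH_EXPORT_SUITES]

def build_server_dh_params(p, g, ys):
    """Encode ServerDHParams; used only to construct the sample below."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample: a 512-bit modulus as an export-grade handshake carries.
SAMPLE_P = (1 << 511) | 0xA3          # not a real prime; only its size matters
SAMPLE_BLOB = build_server_dh_params(SAMPLE_P, 2, 12345)
```

A defender would run the parser over captured ServerKeyExchange payloads and alert on anything below the "ok" tier, and would treat any export suite in a server's offered list as a misconfiguration to remove.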

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

5/21/2015 | 4:03:07 AM
VPN Technology
VPN technology has its many forms, so it can't be stated that this technology is traceable or attacked. For example, Business VPN from PureVPN is one of the most powerful tools for enterprises against cyber threats.

It is because it has layers of security protocols and Military Grade Encryption along with some hidden recipe that makes it unbreakable.