
HTTPS-crippling attack threatens tens of thousands of Web and mail servers


Batu69


Diffie-Hellman downgrade weakness allows attackers to intercept encrypted data.

Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found.

The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said. The threat stems from a flaw in the transport layer security protocol that websites and mail servers use to establish encrypted connections with end-users. The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they're communicating over an unsecured, public channel.

The weakness is the result of export restrictions the US government mandated in the 1990s on US developers who wanted their software to be used abroad. The regime was established by the Clinton administration so the FBI and other agencies could break the encryption used by foreign entities. Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties.

"Logjam shows us once again why it's a terrible idea to deliberately weaken cryptography, as the FBI and some in law enforcement are now calling for," J. Alex Halderman, one of the scientists behind the research, wrote in an e-mail to Ars. "That's exactly what the US did in the 1990s with crypto export restrictions, and today that backdoor is wide open, threatening the security of a large part of the Web."

Continue reading here: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/


More Info: LogJam Exposed 575 Cloud Services to Man-in-the-Middle Attacks

Security researchers have disclosed that within several hours of the discovery of the LogJam vulnerability, as many as 575 cloud service providers were potentially vulnerable to man-in-the-middle (MitM) attacks.

LogJam, a subset of the FREAK vulnerability, is a twenty-year-old encryption flaw that weakens the TLS (Transport Layer Security) protocol in servers that use export-grade DHE ciphers with keys less than 1024-bit.

If both a browser and a server support 512-bit key encryption, a MitM attack can force the browser to use a weaker export DH key that can be easily broken.
The researchers examined 10,000 cloud applications and data from more than 17 million global cloud users, finding that the average company uses about 923 cloud-based services, and they estimate that as many as 99% are using at least one cloud service that is vulnerable to LogJam, with the average enterprise using as many as 71 vulnerable services.
A MitM attack that leverages the LogJam vulnerability would entail an attacker changing a client’s Hello message from asking for a standard DH ciphersuite to a request for the weaker export DH.

The server would then send the 512-bit export DH key signed with its long-term key, and the client would accept this weaker key due to the OpenSSL/Secure Transport bug.
The attacker could then factor the DH modulus to recover the corresponding DH decryption key.

“When the client encrypts the ‘pre-master secret’ to the server, the attacker can now decrypt it to recover the TLS ‘master secret’,” the researchers said. “From here on out, the attacker sees plain text and can inject anything it wants.”

Nigel Hawthorn of Skyhigh Networks says that in order to patch the vulnerability, cloud providers must disable support for export suites, deploy elliptic-curve Diffie-Hellman, and generate a unique Diffie-Hellman Group.

“Likewise, individual organisations must determine and contain both their client-side and service-side exposure. For instance, simple steps like making sure employees only use browser versions that are not vulnerable, such as patched versions of Chrome or Firefox.”

Source


Most browsers have yet to issue patches that fix the Logjam vulnerability. I tried Chrome, for example, and no upgrades were available that fixed it. Computerworld reports that as of late Wednesday, the only browser that had been patched was Internet Explorer 11.

http://www.itworld.com/article/2925039/web-browsers/how-to-check-if-youre-vulnerable-to-the-logjam-hack-attack.html




Who is affected?

Websites, mail servers, and other TLS-dependent services that support DHE_EXPORT ciphers are at risk for the Logjam attack. We use Internet-wide scanning to measure who is vulnerable.

| Protocol | Vulnerable to Logjam |
|---|---|
| HTTPS — Top 1 Million Domains | 8.4% |
| HTTPS — Browser Trusted Sites | 3.4% |
| SMTP+StartTLS — IPv4 Address Space | 14.8% |
| POP3S — IPv4 Address Space | 8.9% |
| IMAPS — IPv4 Address Space | 8.4% |

| Protocol | Vulnerable if most common 1024-bit group is broken |
|---|---|
| HTTPS — Top 1 Million Domains | 17.9% |
| HTTPS — Browser Trusted Sites | 6.6% |
| SSH — IPv4 Address Space | 25.7% |
| IKEv1 (IPsec VPNs) — IPv4 Address Space | 66.1% |

source : https://weakdh.org/
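
An added example, not taken from the posts above or the articles they quote: a server-side audit for the conditions named in this thread (DHE_EXPORT suites enabled, a Diffie-Hellman prime of 512 or under 1024 bits, no ECDHE offered). It parses the three length-prefixed integers of a TLS ServerKeyExchange DH parameter block; the function names and the sample inputs are assumptions made up for the illustration.

```python
import struct

def encode_dh_params(p, g, ys):
    """Build a ServerDHParams blob (constructed test input, not a capture)."""
    out = b""
    for i in (p, g, ys):
        raw = i.to_bytes((i.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

def parse_server_dh_params(buf):
    """Return (p, g, Ys) from three 2-byte length-prefixed big-endian integers."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(buf):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", buf, off)
        off += 2
        if n == 0 or off + n > len(buf):
            raise ValueError(f"bad length for {name}")
        values.append(int.from_bytes(buf[off:off + n], "big"))
        off += n
    return tuple(values)

def classify_prime(p):
    bits = p.bit_length()
    if bits <= 512:
        return "export-grade"
    if bits < 1024:
        return "below 1024 bits"
    if bits == 1024:
        return "1024-bit, at risk if it is a widely shared group"
    return "ok"

def audit(suites, dh_params):
    """List Logjam-relevant findings for a server's suites and DH parameters."""
    findings = [f"export suite enabled: {s}" for s in suites
                if "_DHE_" in s and "_EXPORT_" in s]
    p, _g, _ys = parse_server_dh_params(dh_params)
    grade = classify_prime(p)
    if grade != "ok":
        findings.append(f"DH prime is {p.bit_length()} bits ({grade})")
    if not any("_ECDHE_" in s for s in suites):
        findings.append("no ECDHE suite offered")
    return findings

# Constructed inputs: the "primes" are bit-length stand-ins, not real primes.
WEAK = encode_dh_params((1 << 511) | 1, 2, 12345)
STRONG = encode_dh_params((1 << 2047) | 1, 2, 12345)
```

The audit cannot tell whether a 1024-bit prime is one of the widely shared groups; that needs a comparison against a list of known primes, which is not reproduced here.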
