Logjam (computer security)

Logjam is a security vulnerability against US export-grade 512-bit keys in Diffie–Hellman key exchange. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.^[1]^[2]^[3]^[4] The vulnerability allows a man-in-the-middle network attacker to downgrade a Transport Layer Security (TLS) connection to use export-grade cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the HTTPS, SMTPS, and IMAPS protocols, among others.^[5] Its CVE ID is CVE-2015-4000.^[6]

Responses

On June 16, 2015, the Tor Project provided a patch for Logjam to the Tor Browser.^[7]
On June 30, 2015, Apple released a patch for both OS X Yosemite and iOS 8 operating system.^[8]^[9]
On Mai 12, 2015, Microsoft released a patch for Internet Explorer.^[10]

References

^ "The Logjam Attack". weakdh.org. 2015-05-20.
^ Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica.
^ Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet.
^ http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565
^ Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (May 2015). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF).
^ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
^ https://blog.torproject.org/blog/tor-browser-452-released
^ https://support.apple.com/HT204942
^ https://support.apple.com/HT204941
^ "Vulnerability in Schannel Could Allow Information Disclosure (3061518)". Microsoft Corporation. 2015-05-12. This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed Logjam technique, an industry-wide issue that is not specific to Windows operating systems.

External links

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

This Internet-related article is a stub. You can help Wikipedia by expanding it.

[1] "The Logjam Attack". weakdh.org. 2015-05-20.

[2] Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica.

[3] Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet.

[4] ttp://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565

[5] Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (May 2015). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF).

[6] ttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

[7] ttps://blog.torproject.org/blog/tor-browser-452-released

[8] ttps://support.apple.com/HT204942

[9] ttps://support.apple.com/HT204941

[10] "Vulnerability in Schannel Could Allow Information Disclosure (3061518)". Microsoft Corporation. 2015-05-12. This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed Logjam technique, an industry-wide issue that is not specific to Windows operating systems.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

Logjam (computer security)

Contents

Responses

See also

References

External links