Logjam attack leaves tens of thousands of HTTPS websites vulnerable

Tens of thousands of HTTPS websites, mail servers and other internet services could be left vulnerable by a flaw that would allow criminals to snoop and modify encrypted data, reports Ars Technica.

According to a report released this week by a team of computer scientists (view PDF), the problem lies in a vulnerability in the Diffie-Hellman key exchange, an algorithm used to establish secure connections between two parties. This can be exploited by an attack that has been labelled Logjam, allowing a third party to intercept the data for their own benefits.

According to ZD Net the flaw could have a wide-scale impact, with the computer scientists believing that a successful attack could leave as many as 18 percent of the top one million HTTPS domains on the Web open to eavesdropping.

“Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange,” says the report.

“Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve – the most efficient algorithm for breaking a Diffie-Hellman connection – is dependent only on this prime. After this first step, an attacker can quickly break individual connections.”

The Logjam attack is said to be similar to the HTTPS-breaking FREAK attack, as previously reported by We Live Security, except is caused by a flaw in the TLS protocol rather than an implementation issue.

The research team advises that you install the latest updates for all web browsers that you use, with Google, Apple, Microsoft and Mozilla all expected to deploy fixes for their respective browsers soon.

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.