+1 866 537 8234 | +91 265 6133021

Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Blog Home  »  Web Application Security   »   All You Need To Know About Logjam Vulnerability

Managed WAF

Starts at $99

Guided onboarding, monitoring of latency, false positives, and DDoS attacks, custom rules, and more

Try Free For 14 Days

All You Need To Know About Logjam Vulnerability

Posted DateMay 27, 2015
Author Bio
Posted Time 2   min Read

What is Logjam?

The Logjam vulnerability has been found to affect most common communication encryptions services like including Transport Layer Security (TLS), IPSec, and Secure Shell (SSH). It helps a man-in-the-middle attacker to downgrade the secure connection to a 512-bit export-grade cryptography, which can be used to view and edit supposedly ‘securely encrypted’ data.

What can hackers do with it?

The key to cryptographic security is advanced encryption that is difficult to crack with common computing resources. However, Logjam vulnerability allows an attacker to weaken the encryption complexity, consequently decrypting data easily without the user’s knowledge.

During the negotiation process, the attacker manipulates the session key and forces the export-grade Diffie-Hellman key. It uses 512-bit keys, which are comparatively easier to break. Experts have estimated that roughly 1 million domains with servers supporting DHE_EXPORT cipher are at risk of such an attack.

Exploitation Risk: Connections over vulnerable TLS protocols can be breached.

How to detect and protect against Logjam?

For individual users, Indusface recommends browser update. All major browsers have already released or are in the process of releasing patches for the vulnerability.

Website owners should disable export support for export-grade cipher suites. We had earlier recommended for the FREAK vulnerability earlier in March and our experts recommend it for dealing with Logjam vulnerability too. Key exchanges over the 2048-bit strength Diffie-Hellman group will also ensure communication security.

Make sure to disable support for export-grade cipher suites. This will help to address FREAK as well as Logjam. Administrators are also advised to use a unique 2048-bit strength Diffie-Hellman group for key exchange.

  • Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE)
  • Generate a Strong, Unique Diffie Hellman Group

Manual Testing

Administrators can also follow these steps to test their servers for Logjam risks.

Refer to any Indusface Web VA report and search for “SSL Cipher Suites Supported” vulnerability. You will see some similar output for SSL ciphers as illustrated in the following points.

SSL Version : TLSv1     

Low Strength Ciphers (< 56-bit key)   

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export   

EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export    

EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export   

Look for ciphers that support weak Diffie Helman key exchanges, (Line 5: “Kx=DH(512)” or “EXP-EDH” as illustrated here) and to filter on.

Indusface Web Update

Our existing customers will get updates on vulnerability. The managed security team has already updated Indusface Web application scanning to help detect and resolve the issues at the earliest. You can contact us at any time for unresolved issues, questions, or further assistance.

Stay tuned for more relevant and interesting security articles. Follow Indusface on FacebookTwitter, and LinkedIn.

web application security banner

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

Share Article:

Tags:

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

man-in-the-middle attack
What is a Man-in-the-Middle Attack? Detection and Prevention Tips

A man in the middle attack (MITM attack) is executed when a hacker secretly intercepts an online communication. The attacker can silently eavesdrop on the conversation, steal information, or alter the content of.

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!