What is Logjam?

The Logjam vulnerability has been found to affect the most common encrypted communication services, including Transport Layer Security (TLS), IPSec, and Secure Shell (SSH). It allows a man-in-the-middle attacker to downgrade a secure connection to 512-bit export-grade cryptography, after which the attacker can view and edit supposedly ‘securely encrypted’ data.

What can hackers do with it?

The key to cryptographic security is advanced encryption that is difficult to crack with common computing resources. However, the Logjam vulnerability allows an attacker to weaken the encryption, and consequently to decrypt data easily without the user’s knowledge.

During the negotiation process, the attacker manipulates the session key and forces an export-grade Diffie-Hellman key. This uses 512-bit keys, which are comparatively easier to break. Experts have estimated that roughly 1 million domains with servers supporting DHE_EXPORT ciphers are at risk of such an attack.

Exploitation Risk: Connections over vulnerable TLS protocols can be breached.

How to detect and protect against Logjam?

For individual users, Indusface recommends updating the browser. All major browsers have already released or are in the process of releasing patches for the vulnerability.

Website owners should disable support for export-grade cipher suites. We recommended this for the FREAK vulnerability earlier in March, and our experts recommend it for dealing with the Logjam vulnerability too. Key exchanges over a 2048-bit strength Diffie-Hellman group will also ensure communication security.

Make sure to disable support for export-grade cipher suites. This will help to address FREAK as well as Logjam. Administrators are also advised to use a unique 2048-bit strength Diffie-Hellman group for key exchange.

  • Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE)
  • Generate a Strong, Unique Diffie-Hellman Group

Manual Testing

Administrators can also follow these steps to test their servers for Logjam risks.

Refer to any IndusGuard Web VA report and search for the “SSL Cipher Suites Supported” vulnerability. You will see output for SSL ciphers similar to the following.

SSL Version : TLSv1     

Low Strength Ciphers (< 56-bit key)   

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export   

EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export    

EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export   

Look for, and filter on, ciphers that support weak Diffie-Hellman key exchanges (Line 5: “Kx=DH(512)” or “EXP-EDH” as illustrated here).
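The filtering step above can be automated. The following is an added example, not part of IndusGuard or the original page: it parses cipher lines in the layout shown in the report and separates weak Diffie-Hellman suites from other export-grade suites. The sample report, the verdict labels and the function names are constructed for illustration.

```python
import re

# Constructed sample in the report layout shown above, plus one non-export
# DHE suite and one ECDHE suite for contrast.
SAMPLE_REPORT = """\
SSL Version : TLSv1
Low Strength Ciphers (< 56-bit key)
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
"""

# NAME, then Kx=ALG or Kx=ALG(bits), then the remaining fields.
CIPHER_LINE = re.compile(
    r"^(?P<name>\S+)\s+Kx=(?P<kx>[A-Za-z/]+)(?:\((?P<bits>\d+)\))?\s+(?P<rest>.*)$"
)

def classify(line):
    """Return (name, verdict) for a cipher line, or None for headers and blanks."""
    m = CIPHER_LINE.match(line.strip())
    if m is None:
        return None
    name, kx = m["name"], m["kx"]
    bits = int(m["bits"]) if m["bits"] else None
    export = "export" in m["rest"].split()
    if kx == "DH" and (export or (bits is not None and bits < 2048)):
        return name, "weak-dh"               # Logjam: export or short DH group
    if export:
        return name, "export-grade"          # FREAK-class: disable as well
    if kx == "DH":
        # The listing gives no group size for non-export DHE suites, so the
        # 2048-bit group recommendation has to be verified separately.
        return name, "dhe-check-group-size"
    return name, "ok"

def scan(report):
    """Map each cipher suite name found in the report text to its verdict."""
    results = {}
    for line in report.splitlines():
        verdict = classify(line)
        if verdict is not None:
            results[verdict[0]] = verdict[1]
    return results

if __name__ == "__main__":
    for suite, verdict in scan(SAMPLE_REPORT).items():
        print(f"{verdict:22} {suite}")
```
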

IndusGuard Web Update

Our existing customers will get updates on the vulnerability. The managed security team has already updated IndusGuard Web application scanning to help detect and resolve the issues at the earliest. You can contact us at any time for unresolved issues, questions, or further assistance.