A new encryption attack, called LogJam, has emerged that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, and other widely used Internet services.
A man-in-the-middle (MitM) attack can be used to downgrade encrypted connections between a user and a Web/Email server to use extremely weaker 512-bit keys which can be easily decrypted. Just like the old FREAK attack that I wrote in March of this year.
- The flaw allows an attacker to trick a web browser into believing that it is using a regular key, not the export key version.
- Many PCs reuse the same large numbers to generate the keys, which makes them easier for attackers to crack.
- The flaw has been present for more than 20 years affecting HTTPS, SSH, IPsec, SMTPS, and other protocols that rely on TLS.
The flaw impacts any server supporting DHE_EXPORT ciphers and all modern browsers. An estimated 8.4 percent of the top one Million sites and a significant percentage of mail servers are vulnerable to the new vulnerability because they support those export keys.
Hardcore technical details are here. To check to see if your browser is susceptible to LogJam, click here.