Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack

Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack

2015/03/04

Softpedia - (International) A security researcher at INRIA and the Microsoft Research Team identified a serious vulnerability in the implementation of secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices that can be abused through man-in-the-middle (MitM) attacks that capitalize on abandoned policies to force the use of weak RSA keys, potentially leaving a wide range of government and other Web sites vulnerable. The researchers have dubbed the attack FREAK (Factoring RSA Export Keys) and Akamai cloud platform announced that it patched the vulnerability.

Source: http://news.softpedia.com/news/Strong-SSL-TLS-Ciphers-Downgraded-to-Use-Weak-Crypto-Key-in-FREAK-Attack-474842.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:37