Skip to main content


Showing posts with the label ECDHE

Vulnerbilities affecting Web and Mail Servers - Logjam-Freak

  Recently we came across a vulnerability know as Logjam which according to researchers any attacker or Man in the middle can exploit weak  Diffie–Hellman key Algorithm. this vulnerability has denoted with CVE number as  CVE-2015-4000.   How DH Algorithm gets exploited Traditionally, secure encrypted communication between two parties (here browser and servers) required that they first exchange keys by some secure physical channel. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.   Here attacker can force the communication between the server and browser to downgrade to lower bit export grade cryptography. The attackers can attacks any servers that support DHE_EXPORT ciphers and affects mostly all browsers. Recommendation : 1) Disable Export Cipher Suites Even though modern browsers no longer support export suites, the FREAK and Logjam attac