Some SSL/TLS implementations accept export-grade (512-bit or smaller) temporary RSA keys even when the client did not request export-grade cipher suites. An attacker positioned as a man-in-the-middle (MITM) could factor such weak temporary RSA keys, recover the session keys, and decrypt SSL/TLS traffic. This issue has been dubbed the "FREAK" (Factoring Attack on RSA-EXPORT Keys) attack.
CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-326: Inadequate Encryption Strength
The weak 512-bit "export grade" RSA keys can be factored to allow an attacker to decrypt information encrypted with these keys.
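The client-side check that vulnerable implementations lacked, as an added example in Python that is not part of this vulnerability note: it parses the ServerRSAParams carried in a TLS ServerKeyExchange and rejects it when no RSA_EXPORT suite was negotiated or when the temporary modulus is below a policy threshold (MIN_RSA_BITS and the sample message bytes are assumptions constructed for the example).

```python
import struct

# RSA_EXPORT cipher suite values from RFC 2246 (TLS 1.0), value -> name
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
MIN_RSA_BITS = 2048  # policy threshold (assumption for this example)


def parse_server_rsa_params(body):
    """Parse ServerRSAParams (RFC 2246 section 7.4.3): rsa_modulus and
    rsa_exponent, each an opaque <1..2^16-1> vector with a 2-byte length.
    Returns (modulus, exponent, bytes_consumed); raises on malformed input."""
    off, fields = 0, []
    for _ in range(2):
        if off + 2 > len(body):
            raise ValueError("truncated vector length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError("bad vector length %d" % n)
        fields.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return fields[0], fields[1], off


def check_server_key_exchange(negotiated_suite, ske_body):
    """Client-side policy for an RSA ServerKeyExchange. Returns a list of
    problems; an empty list means the message is acceptable."""
    problems = []
    if negotiated_suite not in EXPORT_RSA_SUITES:
        # FREAK: a non-export suite must never carry a temporary RSA key
        problems.append("RSA ServerKeyExchange for non-export suite 0x%04x"
                        % negotiated_suite)
    modulus, exponent, _ = parse_server_rsa_params(ske_body)
    bits = modulus.bit_length()
    if bits < MIN_RSA_BITS:
        problems.append("temporary RSA modulus is %d bits, below %d"
                        % (bits, MIN_RSA_BITS))
    if exponent < 3 or exponent % 2 == 0:
        problems.append("invalid RSA public exponent")
    return problems


# Constructed sample: a 512-bit modulus (64 bytes, top bit set) and e = 65537
SAMPLE_MODULUS = bytes([0x80]) + b"\x5a" * 63
SAMPLE_SKE = (struct.pack("!H", len(SAMPLE_MODULUS)) + SAMPLE_MODULUS
              + struct.pack("!H", 3) + b"\x01\x00\x01")

if __name__ == "__main__":
    # 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA, a non-export suite
    for suite in (0x002F, 0x0003):
        print(hex(suite), check_server_key_exchange(suite, SAMPLE_SKE))
```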
Update SSL/TLS libraries and applications
Vendor                            Status
Microsoft Corporation             Affected
NEC Corporation                   Affected
Research in Motion (RIM)          Affected
Botan                             Not Affected
Cryptlib                          Not Affected
GnuTLS                            Not Affected
IAIK Java Group                   Not Affected
Legion of the Bouncy Castle       Not Affected
Crypto++ Library                  Unknown
EMC Corporation                   Unknown
Oracle Corporation                Unknown
PeerSec Networks                  Unknown
This vulnerability was reported by researchers from INRIA, Microsoft Research, and IMDEA.
This document was written by Garret Wassermann.
Date First Published: 2015-03-06
Date Last Updated: 2015-10-27 02:15 UTC