Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export grade ciphers. An attacker able to act as a Man-in-The-Middle (MiTM) could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS trafflc. This issue has been dubbed the "FREAK" (Factoring Attack on RSA-EXPORT Keys) attack.
CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-326: Inadequate Encryption Strength
The weak 512-bit "export grade" RSA keys can be factored to allow an attacker to decrypt information encrypted with these keys.
Update SSL/TLS libraries and applications
This vulnerability was reported by researchers from INRIA, Microsoft Research, and IMDEA.
This document was written by Garret Wassermann.
|Date First Published:||2015-03-06|
|Date Last Updated:||2015-10-27 02:15 UTC|