Friday, March 6, 2015

FREAK (Factoring Attack on RSA-EXPORT Keys) Attack

The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography (weak export cipher suites), which can then be decrypted.

Update to the latest software patches. OpenSSL (CVE-2015-0204): versions before 1.0.1k are vulnerable.
For non-OpenSSL software, disable support for any export cipher suites and known insecure ciphers on your web server.

  1. Use the latest version of Chrome/IE/Mozilla instead of the Android Browser and Safari.
  2. Check if your site is vulnerable. SSL Labs -
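
As an added example (not from the original post), the script below audits a list of cipher suite names that a server was observed to accept, in OpenSSL or IANA naming, and flags export-grade entries, marking separately those that use the RSA export key exchange named in the attack's title. The sample input is constructed, and the function names `classify` and `audit` are this example's own.

```python
import re

# Constructed sample: suites as a scanner report or old `openssl ciphers -v` output lists them.
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA      Au=RSA Enc=AES(128)    Mac=SHA1
EXP-RC4-MD5                 SSLv3   Kx=RSA(512) Au=RSA Enc=RC4(40)     Mac=MD5  export
EXP-EDH-RSA-DES-CBC-SHA     SSLv3   Kx=DH(512)  Au=RSA Enc=DES(40)     Mac=SHA1 export
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
"""

# OpenSSL export names carry the key exchange after "EXP-"; no prefix means RSA.
NON_RSA_KX = ("EDH-", "DHE-", "ADH-", "DH-", "KRB5-")


def classify(name):
    """Return 'rsa-export' (RSA_EXPORT key exchange, 512-bit temporary RSA key),
    'export' (any other export-grade suite), or None if not export-grade."""
    n = name.upper()
    if n.startswith(("TLS_", "SSL_")):              # IANA-style name
        m = re.match(r"(?:TLS|SSL)_(.+?)_WITH_", n)
        kx = m.group(1) if m else ""
        if "EXPORT" not in kx:
            return None
        return "rsa-export" if kx == "RSA_EXPORT" else "export"
    m = re.match(r"EXP(1024)?-(.+)$", n)            # OpenSSL-style name
    if not m:
        return None
    if m.group(1) or m.group(2).startswith(NON_RSA_KX):
        return "export"
    return "rsa-export"


def audit(text):
    """Take the first token of each non-empty line as a suite name and
    return (name, class) for every export-grade suite found."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name = line.split()[0]
        kind = classify(name)
        if kind:
            findings.append((name, kind))
    return findings


if __name__ == "__main__":
    for name, kind in audit(SAMPLE):
        print(f"DISABLE {name}: {kind}")
```

Any suite this reports should be removed from the server's cipher configuration; an empty result means no export-grade names were present in the list that was checked.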
