Logjam attack against the TLS protocol

Prathap

Published on

19 Apr 2022

1 min read

SSL

The Logjam is a security vulnerability against a Diffie–Hellman key exchange. It ranges from 512-bit to 1024-bit keys. It was publicly reported on May 20, 2015, by a group of scientists. This server is vulnerable to Logjam attack. This vulnerability allows an attacker to downgrade vulnerable TLS connections using Man-In-The-Middle (MITM) attack. This also allows the attacker to read and modify any data passed over the connection. The vulnerability is because the server is supporting DHE_EXPORT ciphers which can be easily attacked.

Logjam can be executed via two strategies:-

Cryptanalytical attack: This attack utilises pre-computation to crack Diffie-Hellman key exchange.
Protocol attack: This attack allows weaker versions of DH-based cipher suites to be selected.

Impact

This vulnerability can be exploited using a-man-in-the-middle attacks (MITM).

Mitigation / Precaution

Beagle recommends to:-

Disable support for export cipher suites and use a 2048-bit Diffie-Hellman group
Disable EXPORT cipher suits in the web server configuration.

Apache

This vulnerability can be fixed by adding the following code in the SSL configuration file.

        SSLCipherSuite !EXPORT

After adding the above code, restart Apache in the web server.

Nginx

Add the following code in nginx.config file.

        ssl_ciphers '!EXPORT';

If ssl_ciphers is already configured, you must add !EXPORT with ssl_ciphers.

Automated human-like penetration testing for your web apps & APIs

Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Product tour

Written by