ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

Logjam Vulnerability Advisory

This is a security advisory on the “Logjam Vulnerability.”

What is the Logjam Attack

The Logjam vulnerability is a weakness that left secure sites open to attack. A flaw in how the Diffie-Hellman key exchange is negotiated lets attackers downgrade certain connections to 512-bit security, which is weak enough to be cracked. At this time it is not clear whether anyone is actively exploiting the weakness.

Attackers able to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports an export cipher suite can inject a special payload into the traffic that downgrades the encrypted connection to 512-bit key material. Using data precomputed ahead of time, the attackers can then deduce the encryption key negotiated between the two parties.

This vulnerability is a flaw in the SSL/TLS protocol that has been present for more than 20 years. It affects HTTPS, SSH, IPsec, SMTPS, and other protocols that rely on TLS, so the vulnerability is very widespread.

However, to take advantage of this vulnerability, an attacker needs to be on the same network as the victim, for example on the same Wi-Fi network.

Who is Affected

  • All websites, mail servers, and other TLS-dependent services that support DHE_EXPORT cipher suites are at risk from the Logjam attack.
  • Websites that use one of a few commonly shared 1024-bit Diffie-Hellman groups may be susceptible to passive eavesdropping from an attacker with nation-state resources.


How ControlCase CaaS Customers can request a test for the Logjam Vulnerability

ControlCase Compliance as a Service (CaaS) customers can request a “Logjam Vulnerability Scan” using the following steps:

    1. Log in to the IT GRC portal
    2. Click the “External PT Scan Form” link on the dashboard
    3. Fill in the External Penetration Test form with all the details and mention “Logjam Vulnerability Scan” before entering the public IP addresses against #6
    4. Once the form is filled in completely, click the Notify button in the top right corner

How to test if you are vulnerable

The easiest way to check is to inspect the server's SSL/TLS configuration and confirm that DHE_EXPORT cipher suites are not supported.
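That configuration check can be done offline on two things you usually already have: the cipher-suite list a scanner reports for the server, and a captured DHE handshake. The Python script below is an added example, not part of the ControlCase advisory; the suite names, handshake bytes and function names in it are constructed for illustration. It goes slightly beyond the sentence above by also measuring the Diffie-Hellman prime a server actually sends in its TLS 1.2 ServerKeyExchange, which covers the commonly shared 1024-bit groups mentioned under “Who is Affected” as well as the 512-bit export case.

```python
"""Offline Logjam checks over data a scanner or packet capture already provides.

Everything here (suite list, handshake bytes, function names) is constructed
for this example; it is not ControlCase code.

Check 1 - suite names: a server that accepts any DHE export suite
  (IANA "TLS_DHE_*_EXPORT_*", OpenSSL "EXP-EDH-*") can be driven to a
  512-bit key exchange.
Check 2 - a TLS 1.2 ServerKeyExchange from a DHE handshake: the DH prime is
  sent in the clear, so its length tells you which group is really in use.
"""
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 12


def find_export_suites(suite_names):
    """Suites that are export-grade, in IANA or OpenSSL spelling."""
    return [s for s in suite_names if "_EXPORT" in s or s.startswith("EXP")]


def _read_vec16(buf, off):
    """Read a TLS <1..2^16-1> opaque vector at `off`; return (bytes, new_off)."""
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("vector runs past end of message")
    return buf[off:off + n], off + n


def parse_server_dh_params(handshake):
    """Return (p, g, Ys) from a ServerKeyExchange carrying ServerDHParams.

    Layout (RFC 5246 7.4.3): type(1) length(3) dh_p dh_g dh_Ys [signature].
    The signature is ignored; only the group size is of interest here.
    """
    if handshake[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    p_bytes, off = _read_vec16(body, 0)
    g_bytes, off = _read_vec16(body, off)
    ys_bytes, _ = _read_vec16(body, off)
    return tuple(int.from_bytes(b, "big") for b in (p_bytes, g_bytes, ys_bytes))


def build_server_key_exchange(p, g, ys):
    """Encode ServerDHParams as an (unsigned) ServerKeyExchange; used only to
    construct the sample input below."""
    def vec16(x):
        b = x.to_bytes((x.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(b)) + b
    body = vec16(p) + vec16(g) + vec16(ys)
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def audit(suite_names, server_key_exchange=None):
    """Combine both checks into one verdict."""
    export = find_export_suites(suite_names)
    dh_bits = None
    if server_key_exchange is not None:
        p, _, _ = parse_server_dh_params(server_key_exchange)
        dh_bits = p.bit_length()
    return {
        "export_suites": export,
        "dh_bits": dh_bits,
        # Logjam proper: export suites offered, or a 512-bit group in use.
        "logjam_exposed": bool(export) or (dh_bits is not None and dh_bits <= 512),
        # The advisory's second population: commonly shared 1024-bit groups.
        "weak_group": dh_bits is not None and 512 < dh_bits < 2048,
    }


# Constructed sample: a suite list as a scanner might report it ...
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",  # the DHE_EXPORT suite Logjam abuses
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
# ... and a ServerKeyExchange for a 512-bit group.  The modulus is a made-up
# 512-bit value (its primality does not matter for a size check).
SAMPLE_P = (1 << 511) | 0xC0FFEE
SAMPLE_SKE = build_server_key_exchange(SAMPLE_P, 2, pow(2, 0x1234, SAMPLE_P))

if __name__ == "__main__":
    print(audit(SAMPLE_SUITES, SAMPLE_SKE))
```

A server that passes `audit` with an empty `export_suites` list and no finite-field DHE group below 2048 bits is outside both populations the advisory describes; a non-empty `export_suites` list alone is enough to fail, whatever group the server normally negotiates, because the downgrade happens before that group is chosen.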

How to fix

The best way to mitigate the risk is to deploy Diffie-Hellman correctly for TLS by following the steps below:

  • Disable export cipher suites
  • Deploy Ephemeral Elliptic-Curve Diffie-Hellman (ECDHE)
  • Generate a strong, unique Diffie-Hellman group
  • Make sure any TLS libraries in use are up to date and reject Diffie-Hellman groups smaller than 1024 bits.
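The third step, generating a strong, unique group, is the one most often done carelessly: a parameter file copied from a template or a vendor default is exactly the “commonly shared” group the advisory warns about. The Python script below is an added example, not ControlCase's own tooling. It decodes the PEM file that `openssl dhparam -out dhparams.pem 2048` produces and checks the prime's length, whether it is a safe prime, whether the generator is sane, and whether it appears in a caller-supplied list of widely shared groups. The DER/PEM codec, the Miller-Rabin routine and the deny-list idea are assumptions of the example; the sample prime is the public RFC 3526 2048-bit MODP group, chosen to show that a standard group passes the strength checks but fails the uniqueness check.

```python
"""Vet a Diffie-Hellman parameter file before deploying it.
`openssl dhparam -out dhparams.pem 2048` writes PEM "DH PARAMETERS": a DER
SEQUENCE of two INTEGERs, p and g (PKCS#3).  Before a web or mail server is
pointed at such a file, confirm that p is long enough, is a safe prime, has a
sane generator and is not one of the widely shared groups.  Codec, primality
test and sample data are written for this example (not ControlCase code).
"""
import base64
import random

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der_int(x):
    b = x.to_bytes((x.bit_length() + 8) // 8, "big")  # leaves the sign bit clear
    return b"\x02" + _der_len(len(b)) + b

def encode_dh_params_pem(p, g):
    # Same layout `openssl dhparam` writes; used here to build the sample file.
    der = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(der)) + der
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{body}\n-----END DH PARAMETERS-----\n"

def _read_len(buf, off):
    first, off = buf[off], off + 1
    if first < 0x80:
        return first, off
    n = first & 0x7F
    return int.from_bytes(buf[off:off + n], "big"), off + n

def _read_int(buf, off):
    if buf[off] != 0x02:
        raise ValueError("expected INTEGER")
    n, off = _read_len(buf, off + 1)
    return int.from_bytes(buf[off:off + n], "big", signed=True), off + n

def decode_dh_params_pem(pem):
    """Return (p, g) from a PEM DH PARAMETERS block."""
    b64 = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64)
    if der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    _, off = _read_len(der, 1)
    p, off = _read_int(der, off)
    g, _ = _read_int(der, off)
    return p, g

def is_probable_prime(n, rounds=12):
    """Miller-Rabin with random bases, after cheap trial division."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dh_params(pem, known_shared_primes=()):
    """Report on a DH PARAMETERS file.  `known_shared_primes` is the caller's
    deny-list: standard groups and vendor defaults that many servers share."""
    p, g = decode_dh_params_pem(pem)
    report = {
        "bits": p.bit_length(),
        "safe_prime": is_probable_prime(p) and is_probable_prime((p - 1) // 2),
        "generator_ok": g in (2, 5),
        "shared": p in set(known_shared_primes),
    }
    # The advisory's floor is 1024 bits; 2048 is the practical minimum today.
    report["acceptable"] = (report["bits"] >= 2048 and report["safe_prime"]
                            and report["generator_ok"] and not report["shared"])
    return report

# RFC 3526 2048-bit MODP group: strong, but published, so anything but unique.
RFC3526_2048_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
SAMPLE_PEM = encode_dh_params_pem(RFC3526_2048_P, 2)
```

Run `check_dh_params(open("dhparams.pem").read(), known_shared_primes=[...])` on the file you intend to deploy, with the deny-list filled from the standard groups and the default parameter files shipped by your web-server and mail-server packages. A freshly generated file should report `acceptable: True`; the RFC 3526 sample reports `True` only until its own prime is placed on the deny-list, which is the point of the uniqueness requirement.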

It is also recommended to ensure that the most recent version of your browser is installed and to check for updates frequently, as Google Chrome (including the Android browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack.

References

https://weakdh.org/sysadmin.html

http://thehackernews.com/2015/05/logjan-ssl-vulnerability.html

About Us

ControlCase is a global provider of technology-driven compliance and security solutions. ControlCase is committed to partnering with clients to develop strategic information security and compliance programs that are simplified, cost effective and comprehensive in both on-premise and cloud environments.

ControlCase provides the best experts, customer experience and technology for regulations including PCI DSS, GDPR, SOC1, SOC2, SOC3, HIPAA/HITRUST™, ISO 27001/2, SSAE16, PIPEDA, FERC/NERC, Sarbanes Oxley (SOX), GLBA, CoBIT, BITS FISAP and EI3PA.

https://www.controlcase.com

© ControlCase LLC 2023