Jump to content

Logjam (computer security)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Jesse Viviano (talk | contribs) at 01:43, 16 June 2015 (Add CVE ID). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Logjam is a security vulnerability against US export-grade 512-bit keys in Diffie–Hellman key exchange. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.[1][2][3][4] The vulnerability allows a man-in-the-middle network attacker to downgrade a Transport Layer Security (TLS) connection to use export-grade cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the HTTPS, SMTPS, and IMAPS protocols, among others.[5] Its CVE ID is CVE-2015-4000.[6]

See also

References

  1. ^ "The Logjam Attack". weakdh.org. 2015-05-20.
  2. ^ Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica.
  3. ^ Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet.
  4. ^ http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565
  5. ^ Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (May 2015). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF).
  6. ^ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000


Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Stub icon

This Internet-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Logjam_(computer_security)&oldid=667131846"