FREAK Vulnerability Exposes SSL/TLS Security Hole

Researchers have released details of a vulnerability (CVE-2015-0204) that makes it possible for hackers to crack HTTPS-protected traffic by forcing vulnerable clients to downgrade to weaker crypto.

The vulnerability has been dubbed ‘FREAK’ for Factoring RSA Export Keys. It was discovered by a group of researchers from Microsoft Research and the French Institute for Research in Computer Science and Automation, who found it was possible to make web browsers use encryption intentionally weakened in order to comply with U.S. government regulations in effect during the 1990s that banned American companies from exporting strong encryption abroad.

“Support for these weak algorithms has remained in many implementations such as OpenSSL, even though they are typically disabled by default; however, we discovered that several implementations incorrectly allow the message sequence of export ciphersuites to be used even if a non-export ciphersuite was negotiated,” the researchers wrote. “Thus, if a server is willing to negotiate an export ciphersuite, a man-in-the-middle may trick a browser (which normally doesn’t allow it) to use a weak export key. By design, export RSA moduli must be less than 512 bits long; hence, they can be factored in less than 12 hours for $50 on Amazon EC2.”
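As an added illustration of the message sequence the researchers describe (example code written for this page, not code from the researchers or from OpenSSL), the following Python parses a server handshake flight and flags the FREAK condition: a ServerKeyExchange carrying a temporary RSA key even though a non-export suite was negotiated. Message layouts follow RFC 2246; the handshake bytes are constructed inline and the 512-bit modulus is a stand-in, not a real key.

```python
"""Audit one server handshake flight for the FREAK message sequence (RFC 2246 layouts)."""
import struct

HANDSHAKE, SERVER_HELLO, SERVER_KEY_EXCHANGE = 22, 2, 12
# RFC 2246 export-grade suites; their key-exchange keys are capped at 512 bits by design.
EXPORT_SUITES = {0x0003, 0x0006, 0x0008, 0x000B, 0x000E, 0x0011, 0x0014, 0x0017, 0x0019}

def handshake_messages(record: bytes):
    """Yield (msg_type, body) for every handshake message in one TLS record."""
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    payload, off = record[5:5 + rlen], 0
    while off < len(payload):
        mlen = int.from_bytes(payload[off + 1:off + 4], "big")
        yield payload[off], payload[off + 4:off + 4 + mlen]
        off += 4 + mlen

def server_hello_suite(body: bytes) -> int:
    """ServerHello body: version(2) random(32) session_id<0..32> cipher_suite(2) ..."""
    return struct.unpack("!H", body[35 + body[34]:37 + body[34]])[0]

def rsa_params_bits(body: bytes) -> int:
    """ServerKeyExchange for RSA_EXPORT: rsa_modulus<1..2^16-1> rsa_exponent<...> signature."""
    mod_len = struct.unpack("!H", body[:2])[0]
    return int.from_bytes(body[2:2 + mod_len], "big").bit_length()

def audit(record: bytes) -> dict:
    """Negotiated suite, temporary RSA key size, and whether the client must abort."""
    suite = temp_bits = None
    for mtype, body in handshake_messages(record):
        if mtype == SERVER_HELLO:
            suite = server_hello_suite(body)
        elif mtype == SERVER_KEY_EXCHANGE:
            temp_bits = rsa_params_bits(body)
    # RSA params in ServerKeyExchange are only legal when an export suite was negotiated.
    freak = temp_bits is not None and suite not in EXPORT_SUITES
    return {"suite": suite, "temp_rsa_bits": temp_bits, "freak_sequence": freak}

def _hs(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def _record(*msgs: bytes) -> bytes:
    return struct.pack("!BHH", HANDSHAKE, 0x0303, sum(map(len, msgs))) + b"".join(msgs)

# Constructed flights (not captured traffic): TLS_RSA_WITH_AES_128_CBC_SHA (0x002F) is
# negotiated; the FREAK flight then adds a ServerKeyExchange with a 512-bit stand-in modulus.
HELLO = _hs(SERVER_HELLO, b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 0x002F) + b"\x00")
MODULUS = ((1 << 511) | 1).to_bytes(64, "big")           # stand-in value, not a real key
SKE = _hs(SERVER_KEY_EXCHANGE, struct.pack("!H", 64) + MODULUS + struct.pack("!H", 3) + b"\x01\x00\x01")
CLEAN_FLIGHT, FREAK_FLIGHT = _record(HELLO), _record(HELLO, SKE)
```

A patched client rejects `FREAK_FLIGHT` at the ServerKeyExchange; a vulnerable one continues and ends up encrypting its premaster secret under the 512-bit key.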

OpenSSL has patched the issue. According to the researchers' site, vulnerable clients include many Google and Apple devices – which often use unpatched OpenSSL – and many embedded systems and other software products that use TLS without disabling the vulnerable cryptographic suites. On the site there is a list of impacted sites that were vulnerable as of 1 AM EST March 3, including and

“If you run a web server, you should disable support for any export suites,” the site advises. “However, instead of simply excluding RSA export cipher suites, we encourage administrators to disable support for all known insecure ciphers (e.g., there are export cipher suites protocols beyond RSA) and enable forward secrecy. Mozilla has published a guide and SSL Configuration Generator, which will generate known good configurations for common servers. You can check whether your site is vulnerable using the SSL Labs’ SSL Server Test.”

According to Reuters, Apple is preparing an update to address the issue that will be released next week.

A Google spokesperson told SecurityWeek that the company encourages all websites to disable support for export certificates, and that Android’s connections to most websites – including Google sites and others without export certificates – are not subject to this vulnerability. The spokesperson also said that Google has already developed a patch and provided it to its partners. 

“This is a very interesting problem that shows how we mustn’t be complacent about these older technologies, even though we think they are not going to be used,” said Ivan Ristic, Qualys’ director of application security research. “This attack seems fairly easy, conceptually – they [the researchers] cite ‘about 7.5 hours for $104 in EC2 time’ to break a key. Then they need to find a vulnerable client.”

“In practice, I don’t think this is a terribly big issue, but only because you have to have many ducks in a row,” he said. “That is: 1) find a vulnerable server that offers export cipher suites; 2) it should reuse a key for a longish time; 3) break key; 4) find vulnerable client; 5) attack via MITM (easy to do on a local network or wifi; not so easy otherwise). There’s a good lesson here, and that’s don’t enable technologies that you don’t want to see used, even if you don’t really think they will be used.”

“I would not freak out too much as most vendors are quickly patching this bug,” added Greg Martin, CTO of ThreatStream. “With that said, it’s yet another reminder that there are still many serious bugs in core software, like Shellshock and now FREAK which are still dormant in many of the key software components powering the Internet. Vendors have a responsibility to proactively test not just their own code but third party code and open source components for such vulnerabilities to protect their users.”

*Update: The list on has been updated. 
