
Logjam TLS Vulnerability Exposes Websites, Mail Servers: Researchers

Researchers have analyzed the Diffie-Hellman (DHE) key exchange and they’ve come across a new vulnerability that puts a large number of online services at risk.

The vulnerability, dubbed “Logjam,” affects the Transport Layer Security (TLS) protocol and it can be exploited through man-in-the-middle (MitM) attacks to downgrade connections to 512-bit export-grade cryptography. An attacker can leverage the flaw to read and alter encrypted data.

According to experts, the attack is similar to FREAK since it’s related to support for export-grade crypto introduced in 1990 at the request of the US government. The main differences are that Logjam attacks are possible due to a TLS vulnerability rather than an implementation flaw, and Logjam targets the Diffie-Hellman cryptographic algorithm rather than the RSA algorithm.

Researchers noted that websites, mail servers (SMTP, POP3S, IMAP), and other services that rely on TLS and support DHE_EXPORT ciphers are vulnerable. Experts have determined that 8.4 percent of the Alexa top one million HTTPS domains, and 3.4 percent of the browser-trusted websites are at risk.

The problem is that millions of HTTPS, Secure Shell (SSH), and virtual private network (VPN) servers use the same prime numbers for Diffie-Hellman key exchange.

“Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections,” researchers noted on a website detailing Logjam.

The experts carried out a week-long precomputation for a 512-bit Diffie-Hellman group used by 82 percent of the vulnerable servers. It’s believed that an academic team can break a 768-bit prime, while nation-state actors can even break a 1024-bit prime, which would allow them to conduct passive eavesdropping on connections. In fact, researchers believe the NSA might have already used this technique to target VPNs.

“Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” researchers said.

Proof-of-concept (PoC) attacks for Logjam show how an attacker can eavesdrop on a connection to the tips subdomain on the FBI’s website, how a MitM attacker can intercept a connection to Network Solutions’ webmail interface and steal a user’s credentials, and how a malicious actor could trick a user into downloading and executing arbitrary code.

Experts advise web and mail server administrators to disable support for export-grade cipher suites and ensure that a unique 2048-bit Diffie-Hellman group is generated. Developers and system administrators are advised to use up-to-date TLS libraries and reject Diffie-Hellman groups smaller than 1024 bits.
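As an added illustration of the client-side check recommended above (example code written for this page, not from the researchers or any TLS library): parse the ServerDHParams that a server sends in a TLS ServerKeyExchange, reject any group below the 1024-bit floor, and flag anything under the 2048-bit recommendation. The function names and thresholds are assumptions; the sample moduli are constructed random odd numbers, not real primes, which is enough to exercise the size check.

```python
import struct
import secrets

MIN_DH_BITS = 1024          # hard floor; a 512-bit export group falls below it
RECOMMENDED_DH_BITS = 2048  # the size the researchers recommend generating


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build ServerDHParams: three opaque<1..2^16-1> fields dh_p, dh_g, dh_Ys."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams (RFC 5246 section 7.4.3) into (p, g, Ys) integers."""
    vals, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (ln,) = struct.unpack_from("!H", body, off)
        off += 2
        if ln == 0 or off + ln > len(body):
            raise ValueError(f"bad length for {name}")
        vals.append(int.from_bytes(body[off:off + ln], "big"))
        off += ln
    if off != len(body):
        raise ValueError("trailing bytes after dh_Ys")
    return tuple(vals)


def assess_dh_group(body: bytes, minimum_bits: int = MIN_DH_BITS) -> str:
    """'reject' = below the floor or malformed (the Logjam downgrade case),
    'weak' = accepted but under 2048 bits, 'ok' = meets the recommendation."""
    p, g, ys = parse_server_dh_params(body)
    bits = p.bit_length()
    if bits < minimum_bits:
        return "reject"
    if p % 2 == 0 or not (1 < g < p - 1) or not (1 < ys < p - 1):
        return "reject"  # even modulus or out-of-range generator/public value
    return "ok" if bits >= RECOMMENDED_DH_BITS else "weak"


def constructed_group(bits: int) -> bytes:
    """Constructed sample: a random odd modulus of exactly `bits` bits (not prime)."""
    p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    g = 2
    ys = pow(g, secrets.randbits(256), p)
    return encode_server_dh_params(p, g, ys)
```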

Google, Mozilla and Microsoft have already taken steps to mitigate Logjam attacks against Chrome, Firefox, and Internet Explorer. Apple is expected to do the same for Safari. Users are advised to keep their web browsers updated.

Additional details on the Logjam attack are available in a paper published by computer scientists at Inria Nancy-Grand Est, Inria Paris-Rocquencourt, Microsoft, Johns Hopkins University, University of Michigan, and the University of Pennsylvania.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
