Logjam TLS Vulnerability Exposes Websites, Mail Servers: Researchers

Researchers have analyzed the Diffie-Hellman (DHE) key exchange and they’ve come across a new vulnerability that puts a large number of online services at risk.

Researchers have analyzed the Diffie-Hellman (DHE) key exchange and they’ve come across a new vulnerability that puts a large number of online services at risk.

The vulnerability, dubbed “Logjam,” affects the Transport Layer Security (TLS) protocol and it can be exploited through man-in-the-middle (MitM) attacks to downgrade connections to 512-bit export-grade cryptography. An attacker can leverage the flaw to read and alter encrypted data.

According to experts, the attack is similar to FREAK since it also stems from support for export-grade crypto introduced in 1990 at the request of the US government. The main differences are that Logjam exploits a flaw in the TLS protocol itself rather than an implementation flaw, and that it targets the Diffie-Hellman key exchange rather than RSA.

Researchers noted that websites, mail servers (SMTP, POP3S, IMAP), and other services that rely on TLS and support DHE_EXPORT cipher suites are vulnerable. Experts have determined that 8.4 percent of the Alexa top one million HTTPS domains, and 3.4 percent of browser-trusted websites, are at risk.

The problem is that millions of HTTPS, Secure Shell (SSH), and virtual private network (VPN) servers use the same prime numbers for Diffie-Hellman key exchange.

“Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections,” researchers noted on a website detailing Logjam.

The experts carried out a week-long precomputation for a 512-bit Diffie-Hellman group used by 82 percent of the vulnerable servers. It’s believed that an academic team can break a 768-bit prime, while nation-state actors can even break a 1024-bit prime, which would allow them to conduct passive eavesdropping on connections. In fact, researchers believe the NSA might have already used this technique to target VPNs.


“Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” researchers said.

Proof-of-concept (PoC) attacks for Logjam show how an attacker can eavesdrop on a connection to the tips subdomain on the FBI’s website, how a MitM attacker can intercept a connection to Network Solutions’ webmail interface and steal a user’s credentials, and how a malicious actor could trick a user into downloading and executing arbitrary code.

Experts advise web and mail server administrators to disable support for export-grade cipher suites and to generate a unique 2048-bit Diffie-Hellman group rather than relying on a shared default. Developers and system administrators are advised to use up-to-date TLS libraries and to reject Diffie-Hellman groups smaller than 1024 bits.
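One way to enforce the group-size advice above is to inspect the PEM "DH PARAMETERS" file a server is configured with before deploying it. The following is an added example written for this article, not code from the researchers or from any TLS library; it parses the PKCS#3 DER structure (SEQUENCE of INTEGER p, INTEGER g) with the standard library only, and the `constructed_dh_pem` helper builds a test input whose "prime" has the right size but is not actually prime.

```python
import base64
import re

# PKCS#3 "DH PARAMETERS" is DER: SEQUENCE { INTEGER p, INTEGER g }.  The helpers
# below handle exactly that shape with the standard library only.
def _len_dec(buf, i):
    """DER length at buf[i] -> (length, index of first content byte)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def _len_enc(n):
    if n < 0x80:
        return bytes([n])
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(nb)]) + nb

def _int_enc(n):
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    b = b"\x00" + b if b[0] & 0x80 else b  # keep the INTEGER positive
    return b"\x02" + _len_enc(len(b)) + b

def dh_prime_bits(pem: str) -> int:
    """Bit length of p in a PEM DH block such as `openssl dhparam` writes."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block")
    der = base64.b64decode("".join(m.group(1).split()))
    _, i = _len_dec(der, 1)              # skip the SEQUENCE header
    if der[0] != 0x30 or der[i] != 0x02:
        raise ValueError("not SEQUENCE { INTEGER p, ... }")
    plen, i = _len_dec(der, i + 1)
    return int.from_bytes(der[i:i + plen], "big").bit_length()  # 0x00 pad is harmless

def dh_group_acceptable(pem: str, min_bits: int = 2048) -> bool:
    """Policy from the article: generate a 2048-bit group; never accept < 1024."""
    return dh_prime_bits(pem) >= min_bits

def constructed_dh_pem(bits: int) -> str:
    """CONSTRUCTED test input: p = 2**(bits-1)+1 has the right size but is NOT prime."""
    body = _int_enc((1 << (bits - 1)) | 1) + _int_enc(2)
    b64 = base64.b64encode(b"\x30" + _len_enc(len(body)) + body).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{wrapped}\n-----END DH PARAMETERS-----\n"
```

Pointing `dh_group_acceptable` at a real file produced by `openssl dhparam -out dhparams.pem 2048` gives the same check on production parameters; a 512-bit export group fails it, as does a 1024-bit group under the default threshold.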

Google, Mozilla and Microsoft have already taken steps to mitigate Logjam attacks against Chrome, Firefox, and Internet Explorer. Apple is expected to do the same for Safari. Users are advised to keep their web browsers updated.

Additional details on the Logjam attack are available in a paper published by computer scientists at Inria Nancy-Grand Est, Inria Paris-Rocquencourt, Microsoft, Johns Hopkins University, University of Michigan, and the University of Pennsylvania.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
