FREAK - CVE-2015-0204

A vulnerability (CVE-2015-0204) named "FREAK" (Factoring RSA EXPORT Keys) has been discovered that can facilitate a man-in-the-middle attack and force a browser to use a weak 512-bit export-grade RSA key, which can be factored in just a few hours.


KEMP has determined that all LoadMasters running version 7.1-24b are not affected by FREAK as the underlying OpenSSL version (1.0.1k) is not affected. All LoadMasters running version 7.0-10h are also not affected, because no SGC ciphers are included in the set of hardcoded cipher suites implemented.
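The two checks behind a "not affected" statement like the one above, written as an added example (not KEMP's code): is the OpenSSL release older than the fix named in the CVE-2015-0204 description, and does a cipher list contain export-grade RSA suites. The function names, the sample cipher list and the name-based suite heuristic (expanded OpenSSL suite names, as printed by `openssl ciphers`) are assumptions made for illustration.

```python
import re

# First fixed release per branch, from the CVE-2015-0204 description:
# OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k.
FIXED = {(0, 9, 8): "zd", (1, 0, 0): "p", (1, 0, 1): "k"}

# Constructed sample of an expanded cipher list (not taken from a LoadMaster).
SAMPLE_CIPHERS = ("ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA:EXP-RC4-MD5:"
                  "EXP-EDH-RSA-DES-CBC-SHA:EXP-DES-CBC-SHA")

def parse_version(text):
    """Split a pre-3.0 style version such as '1.0.1k' into ((1, 0, 1), 'k')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)

def patch_key(letters):
    # Patch letters run a..z, then za, zb, ...: order by length, then alphabetically.
    return (len(letters), letters)

def openssl_affected(version):
    """True if this OpenSSL release predates the CVE-2015-0204 fix."""
    branch, letters = parse_version(version)
    if branch in FIXED:
        return patch_key(letters) < patch_key(FIXED[branch])
    # Branches older than 0.9.8 fall under "before 0.9.8zd";
    # the CVE description lists no later branch as affected.
    return branch < (0, 9, 8)

def export_rsa_suites(cipher_list):
    """Return export-grade suites that use RSA key exchange.

    Heuristic on OpenSSL naming: export suites start with 'EXP'; those with
    DH or Kerberos key exchange are skipped because FREAK concerns export RSA.
    """
    not_rsa_kx = ("EDH", "DHE", "ADH", "-DH-", "KRB5")
    found = []
    for name in cipher_list.split(":"):
        name = name.strip()
        if name.startswith("EXP") and not any(tag in name for tag in not_rsa_kx):
            found.append(name)
    return found

if __name__ == "__main__":
    for v in ("1.0.1j", "1.0.1k", "0.9.8zc"):
        print(v, "affected" if openssl_affected(v) else "not affected")
    print("export RSA suites:", export_rsa_suites(SAMPLE_CIPHERS))
```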

To obtain firmware downloads please click here

 

For further information on this vulnerability, please see:

www.freakattack.com

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204

http://www.percona.com/blog/2015/03/05/test-cve-2015-0204-freak-ssl-security-flaw-affects/

https://dev.ssllabs.com/ssltest/viewMyClient.html

 

KEMP is committed to resolving security vulnerabilities carefully and quickly.  If you think you have found a security flaw in a KEMP product, please send all supporting information to securityalert@kemptechnologies.com.


Comments

hoshino.shinichi

Hi,
OpenSSL released a new version, 1.0.1m, to mitigate some vulnerabilities related to the ASN1 interface.
Do these vulnerabilities affect the current version of LoadMaster?