Logjam - CVE-2015-4000

Recently a security vulnerability named "Logjam" - CVE-2015-4000, was discovered which affects Diffie-Hellman algorithms (DHE_EXPORT) used in TLS negotiation.

The vulnerability allows a Man-in-the-Middle (MitM) attacker to trick the Client and Server into using legacy cipher parameters which are very easy to decrypt with brute force. Both the Client (usually a Browser) and the Server need to be vulnerable for this attack to work. Most browsers should already have updates available. 

KEMP has determined that all LoadMasters are not affected as we do not support DHE_EXPORT cipher suites. 

 

For further information on this vulnerability please see 

https://weakdh.org

https://weakdh.org/sysadmin.html

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000

 

KEMP is committed to resolving security vulnerabilities carefully and quickly.  If you think you have found a security flaw in a KEMP product, please send all supporting information to securityalert@kemptechnologies.com.

Was this article helpful?

0 out of 0 found this helpful

Comments

Avatar
mikenorton

I don't think this adequately addresses the whole situation.

If you read at the weakdh.org website linked in this article, there are actually two issues: first issue is MITM being able to downgrade to DHE_EXPORT. This is what CVE-2015-4000 is about, and which (according to this article) the LoadMasters are immune to since they don't support DHE_EXPORT.

But the second issue, which KEMP has not addressed in this article, is the use of weak, non-unique DH primes in general. The LoadMasters DO use weak-ish (1024 bit) DH primes, but KEMP fails to acknowledge this. See https://support.kemptechnologies.com/hc/communities/public/questions/202211469-Weak-DH-parameters-with-cipher-suites-that-use-DHE-key-exchange

Avatar
James Rago Global Support Manager

ECDHE (Elliptic Curve Ephemeral Diffie-Hellman) is specifically cited by the paper summarized at weakdh.org as the #1 recommendation to avoid all documented issues with "classic" DHE. ECDHE it is also a better performing key exchange algorithm. KEMP recommends that wherever possible customers configure their LoadMasters to use ECDHE cipher suites in preference to DHE cipher suites as client support should be equivalent.

For the rare corner cases (e.g., Java 6 without ECC provider, custom clients) where PFS (Perfect Forward Security) is desired and ECDHE is not supported, version 7.1-30 of our LoadMaster firmware will offer configurable DHE bit-length selection, up to 2048-bit. We expect to have this available in a future release.

Powered by Zendesk