Logjam Vulnerability (CVE-2015-4000)
Publish date: 14 de agosto de 2015
Identificadores de CVE : CVE-2015-4000
Fecha recomendada: 14 de agosto de 2015
Descripción
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice. This allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, which could then result in an attacker being able to monitor encrypted communications by being able to decrypt them. This is known as the "Logjam" vulnerability.