Follow

LogJam Vulnerability: What You Should Know In Regard To Redtail

On May 21, 2015, an announcement was published (CVE-2015-4000) about a new security vulnerability named LogJam. The vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to a lesser bit encryption thus allowing the attacker to read and/or modify any data passed over the connection. The vulnerability is similar to the FREAK vulnerability, but is due to a flow in the TLS protocol itself rather than implementation.

This vulnerability Attacks a Diffie-Hellman key exchange (D-H) rather than an RSA key exchange. Diffie-Hellman key exchange is a specific method of securely exchanging cryptographic keys over public channels and was one of the first protocols to do so. 

Upon learning of this new security vulnerability, we immediately began assessing the potential threat in regard to Redtail's infrastructure. After reviewing the vulnerability scope and auditing our infrastructure, it was determined that LogJam does not impact Redtail's infrastructure. The cypher suites utilized by Redtail do not include the impacted key exchange. 

Rest assured we take all threats of this nature seriously and we will continue to monitor ongoing updates concerning the LogJam vulnerability and react accordingly should additional action be required on our end.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk