New vulnerability found in SSL called “Logjam”

After Heartbleed, there is another major security issue in SSL that affects a millions of websites.
The bug affects an algorithm called “Diffie–Hellman key exchange“, which allows two parties that have never met before to negotiate a shared key over an insecure channel.
The vulnerability affects an estimated 8.4 percent of top one million websites, along with huge number of mail servers.
A number of security researchers from different organisations and universities, have discovered a number of security issue in this algorithm, and published a report that explains about the flaw.
The attacks allow man-in-the-middle (MITM) to downgrade HTTPS connections to 512-bit cryptography.
You can check whether you browser is vulnerable or not through this site.At the time of writing this article this site shows that both Chrome and Firefox are vulnerable to this flaw, while  Internet Explorer is safe from Logjam vulnerability.
We recommend to this guide if you system admin of a server.

Post a Comment