OpenSSL TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections
Description: A vulnerability was reported in OpenSSL. A remote user may be able to decrypt TLS connections in certain situations.
A remote user that can conduct a man-in-the-middle attack can cause the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography. The remote user may then be able to decrypt the connection.
The vulnerability resides in the TLS protocol itself rather than in a specific TLS implementation; the target system is exposed because it supports export-grade ciphers. This attack is known as the "Logjam" attack.
Impact: A remote user that can conduct a man-in-the-middle attack can cause the target system to use weak cryptography, so that the connection can be decrypted.
Solution: CentOS has issued a fix (Advisory CESA-2015:1072).
Vendor URL: www.openssl.org/news/secadv_20150611.txt
Cause: Authentication error
Underlying OS: Linux (CentOS)
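
Added example (not part of the original advisory or of OpenSSL): a defender-side check that parses a DHE ServerKeyExchange handshake message as laid out in RFC 5246 and reports whether the server's Diffie-Hellman prime is 512 bits or smaller, the export-grade size the description refers to. The function names and the sample messages are constructed for illustration, and the code assumes the negotiated key exchange is DHE.

```python
import struct

EXPORT_DH_BITS = 512  # export-grade DH size named in the advisory

class ParseError(ValueError):
    """Raised when the message is truncated or is not a ServerKeyExchange."""

def _read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte length, then the bytes."""
    if off + 2 > len(buf):
        raise ParseError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ParseError("bad vector length")
    return buf[off:off + n], off + n

def dh_prime_bits(handshake_msg):
    """Return the bit length of dh_p in a DHE ServerKeyExchange message."""
    if len(handshake_msg) < 4:
        raise ParseError("truncated handshake header")
    if handshake_msg[0] != 12:  # HandshakeType server_key_exchange
        raise ParseError("not a ServerKeyExchange")
    length = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + length]
    if len(body) != length:
        raise ParseError("truncated body")
    dh_p, off = _read_vec16(body, 0)       # ServerDHParams.dh_p
    _dh_g, off = _read_vec16(body, off)    # ServerDHParams.dh_g
    _dh_ys, off = _read_vec16(body, off)   # ServerDHParams.dh_Ys
    return int.from_bytes(dh_p, "big").bit_length()

def is_export_grade(handshake_msg):
    """True when the server's DH prime is 512 bits or smaller."""
    return dh_prime_bits(handshake_msg) <= EXPORT_DH_BITS

def build_sample(p_bits):
    """Constructed message, not a capture: p has its top bit set (not a real prime)."""
    p = ((1 << (p_bits - 1)) | 1).to_bytes((p_bits + 7) // 8, "big")
    ys = b"\x01" * len(p)
    body = b"".join(struct.pack("!H", len(v)) + v for v in (p, b"\x02", ys))
    body += b"\x00" * 8  # stand-in for the signature, which is not parsed
    return bytes([12]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for bits in (512, 2048):
        msg = build_sample(bits)
        print(bits, "EXPORT-GRADE" if is_export_grade(msg) else "ok")
```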