FREAK Security Alert

From: Ish Sookun <ish_at_hacklog.in>
Date: Mon, 9 Mar 2015 17:43:21 +0400

Hello,

CERT-MU released a security alert today[1] addressing the FREAK
vulnerability[2].

The PDF they provide mentions the FREAK attack in general while citing only
CVE-2015-1637[3], which covers the vulnerability in the Microsoft Secure
Channel[4] product. The document misses out the CVE ID for OpenSSL, which is
CVE-2015-0204[5].

The main highlight of this vulnerability is the use of weak ciphers.

I'm planning to write a blog post with a possible attack scenario; if
somebody would like to contribute with ideas or a mini interview, that
would be awesome.

[1] http://cert-mu.govmu.org/English/Pages/Targeted%20Alerts/2015/Targeted%20Security%20Alert_FREAK.pdf
[2] http://www.kb.cert.org/vuls/id/243585
[3] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1637
[4] Microsoft Secure Channel is the Windows implementation of SSL/TLS
[5] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204

Cheers,

Ish Sookun

*- Geek by birth, Linux by choice.*
* +-+-+-+-+-+-+-+-+-+-+*
* |H|A|C|K|L|O|G|.|i|n|*
* +-+-+-+-+-+-+-+-+-+-+ *


*https://twitter.com/IshSookun ^^ Do you tweet?*
Received on Mon Mar 09 2015 - 13:43:38 PST
