From: Ish Sookun <ish_at_hacklog.in>
Date: Mon, 9 Mar 2015 17:43:21 +0400
Hello,
CERT-MU released a security alert today[1] addressing the FREAK
vulnerability[2].
The PDF they provide mentions the FREAK attack in general while citing only
CVE-2015-1637[3] which covers the vulnerability in Microsoft Secure
Channel[4] product. The document misses out the CVE id for OpenSSL which is
CVE-2015-0204[5].
The main highlight of this vulnerability is the use of weak ciphers.
I'm planning to write a blog post with a possible attack scenario; if
somebody would like to contribute with ideas or a mini interview, that
would be awesome.