SSL/TLS: 'DHE_EXPORT' Man in the Middle Security Bypass Vulnerability (LogJam)
Information
Severity: Medium
Family: SSL and TLS
CVSSv2 Base: 4.3
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Solution Type: Vendor Patch
Created: 8 years ago
Modified: 5 years ago
Summary
This host accepts 'DHE_EXPORT' cipher suites and is prone to a man-in-the-middle attack.
Insight
The flaw is triggered when handling Diffie-Hellman key exchanges defined in the 'DHE_EXPORT' cipher suites.
Affected Software
- Hosts accepting 'DHE_EXPORT' cipher suites
- OpenSSL versions before 1.0.2b and 1.0.1n
Detection Method
Checks the previously collected cipher suites saved in the KB.
Solution
- Remove support for 'DHE_EXPORT' cipher suites from the service.
- If running OpenSSL, update to version 1.0.2b or 1.0.1n or later.