CERT mailing list archives
FREAK SSL/TLS Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 06 Mar 2015 18:14:46 -0600
NCCIC / US-CERT National Cyber Awareness System: FREAK SSL/TLS Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2015/03/06/FREAK-SSLTLS-Vulnerability ] 03/06/2015 06:19 PM EST Original release date: March 06, 2015 FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204 [ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204 ]) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory [ https://technet.microsoft.com/library/security/3046015.aspx ] that includes a workaround for supported Windows systems. Users and administrators are encouraged to review Vulnerability Note VU#243585 [ http://www.kb.cert.org/vuls/id/243585 ] for more information and apply all necessary mitigations as vendors make them available. Users may visit freakattack.com [ http://www.freakattack.com ] to help determine whether their browsers are vulnerable. ("Note: DHS does not endorse any private sector product or service. The last link is provided for informational purposes only.") ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- FREAK SSL/TLS Vulnerability US-CERT (Mar 06)