[MASOCH-L] Freak

Rubens Kuhl rubensk at gmail.com
Tue Mar 3 17:01:51 BRT 2015

Entre os afetados, diversos .br proeminentes...


On Tuesday, March 3, 2015, researchers disclosed a new TLS vulnerability —
the FREAK attack. In short, the vulnerability allows attackers to intercept
a vulnerable HTTPS connection and force it to use 'export-grade' RSA
cryptographic suites, which can then be decrypted.

A connection is vulnerable if the server accepts RSA EXPORT cipher suites
and the client either offers an RSA EXPORT suite or is using a version of
OpenSSL that is vulnerable toCVE-2015-0204
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>. Vulnerable
clients include many Google and Apple devices, which use unpatched versions
of OpenSSL, a large number of embedded systems, and many programs other
than browsers that use TLS behind the scenes without disabling the
vulnerable cryptographic suites.

More information about the masoch-l mailing list