Security researchers have discovered a serious new vulnerability in SSL/TLS. The researchers who found it noted that, by exploiting this weakness in the encryption technology, attackers can steal the communications of users of the Apple Safari and Google Android browsers.
Security experts named the attack FREAK (Factoring RSA-Export Keys). It takes advantage of support for "export-grade" encryption, which the N.S.A. authorized during the early crypto wars of the 1990s but which has long been deprecated. Although the N.S.A. abandoned this policy in 2000, many SSL/TLS clients and servers still support this type of connection. The problem arises when a vulnerable client tries to connect to a host that still allows export-grade ciphers. The attacker can obtain the weaker export key from the server and crack it in advance, then masquerade as the legitimate host to launch a man-in-the-middle attack.
Impact of the vulnerability:
Using this vulnerability, an attacker can hijack the session between a vulnerable client and a vulnerable server, thereby performing a man-in-the-middle attack.
About 3 to 6% of websites using OpenSSL are affected.
https://freakattack.com lists the websites that are vulnerable.
Currently the Apple Safari and Google Android browsers are affected.
You can use openssl to verify this; the command is as follows:
root@kali:~# openssl s_client -connect www.baidu.com:443 -cipher EXPORT
If the server is not affected by this vulnerability, it returns
If the server is affected by this vulnerability, it returns
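The same check as the openssl command above, done at the TLS record level, for cases where the local OpenSSL build no longer includes export ciphers. This is an added example, not part of the original article: the function names are made up for illustration, the sample replies are constructed rather than captured, and only the three RSA_EXPORT suites are offered (narrower than OpenSSL's EXPORT list).

```python
import os
import socket
import struct

# RSA_EXPORT suites (IANA TLS cipher suite registry) that FREAK relies on.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(version=(3, 1)):
    """TLS 1.0 ClientHello record offering only RSA_EXPORT suites (no extensions, no SNI)."""
    suites = b"".join(struct.pack(">H", s) for s in RSA_EXPORT_SUITES)
    body = (bytes(version) + os.urandom(32) + b"\x00"      # version, random, empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                                  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack(">H", len(handshake)) + handshake

def classify_reply(data):
    """Classify the first TLS record sent back in response to the export-only hello."""
    if len(data) < 5:
        return ("unknown", "short read")
    rtype, length = data[0], struct.unpack(">H", data[3:5])[0]
    payload = data[5:5 + length]
    if rtype == 21 and len(payload) >= 2:                   # alert, e.g. 40 = handshake_failure
        return ("not affected", "alert %d" % payload[1])
    if rtype != 22 or len(payload) < 39 or payload[0] != 2:
        return ("unknown", "not a ServerHello")
    offset = 39 + payload[38]                               # skip header, version, random, session id
    if len(payload) < offset + 2:
        return ("unknown", "truncated ServerHello")
    suite = struct.unpack(">H", payload[offset:offset + 2])[0]
    if suite in RSA_EXPORT_SUITES:
        return ("affected", RSA_EXPORT_SUITES[suite])
    return ("unknown", "server selected 0x%04x, which was not offered" % suite)

def probe(host, port=443, timeout=5.0):
    """Send the export-only hello and classify the first record returned."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return classify_reply(sock.recv(4096))

# Constructed sample replies (not captured traffic): a ServerHello choosing 0x0003, and a fatal alert.
_hello_body = b"\x03\x01" + bytes(32) + b"\x20" + bytes(32) + b"\x00\x03" + b"\x00"
SAMPLE_SERVER_HELLO = (b"\x16\x03\x01" + struct.pack(">H", len(_hello_body) + 4)
                       + b"\x02" + len(_hello_body).to_bytes(3, "big") + _hello_body)
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"
```

A ServerHello that selects one of the offered suites means the server still accepts export-grade RSA; an alert means it refused the export-only offer.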
On the server side, please update to the latest version of OpenSSL.
For client-side fixes, no vendor has provided a patch yet; please pay close attention to