Security Bulletin: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) affects some versions of the DS8000.

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 affects some versions of the DS8000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM DataQuant for Workstation (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DataQuant for Workstation. Vulnerability Details CVEID: CVE-2015-4000 The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Flex System Manager (FSM) SMIA Configuration Tool (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Flex System Manager FSM SMIA Configuration Tool also known as Network Advisor. Vulnerability Details Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Monitoring (CVE-2015-4000)

Summary The Logjam vulnerability in TLS connections using the Diffie-Hellman DH key exchange protocol affects some components of IBM Tivoli Monitoring ITM. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, cause...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Tivoli Storage Manager FastBack for Workstations (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Tivoli Storage Manager FastBack for Workstations. The TSM FastBack for Workstations Central Administration Console CAC has a security vulnerability in the underlying IBM WebSphere and IBM...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational Automation Framework (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...

Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server 2.5 (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server 2.5. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

Mozilla Reduces Threat of Export-Grade Crypto to Firefox

Logjam was one of several downgrade attacks discovered in the last 18 months that could theoretically allow a resourced attacker to take advantage of lingering export-grade cryptography to read and modify data over a supposedly secure connection. While the severity of this particular attack again...

SUSE-SU-2016:2209-1 Security update for libtcnative-1-0

This update for libtcnative-1-0 fixes the following issues: - Disable 512-bit export-grade cryptography to prevent Logjam vulnerability CVE-2015-4000 bsc938945...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

Export-Grade Crypto Patching Improves

LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...

Important: openssl098e

Issue Overview: A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. CVE-2015-02...

DROWN Flaw Illustrates Dangers of Intentionally Weak Crypto

Calls for encryption backdoors that date back to the 1990s are coming back to haunt the industry 20 years later with DROWN, security experts say. The flaw that researchers found with DROWN center around the fact that during the so called Crypto Wars of the 1990s President Bill Clinton’s...

DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack

Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

AIX 6.1 TL 8 : sendmail (IV75644) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...