Cryptography / SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

Description

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) is a vulnerability in cryptography that affects infrastructure. It is categorized as CWE-327: Use of a Broken or Risky Cryptographic Algorithm and is identified as an A8 Insecure Cryptographic Storage in the OWASP Testing Guide. This vulnerability occurs when an organization uses a Diffie-Hellman key exchange with a modulus less than or equal to 1024 bits. It can be exploited by an attacker to downgrade the security of TLS connections and enable man-in-the-middle (MITM) attacks.

Risk

This vulnerability can have serious security implications. An attacker can gain access to sensitive data by leveraging this vulnerability to launch a MITM attack. The risk assessment for this vulnerability is “high” as it can be used to gain unauthorized access to networks and data.

Solution

Organizations should ensure that all Diffie-Hellman key exchanges are configured with a modulus greater than 1024 bits. This can be achieved by disabling support for 1024-bit Diffie-Hellman exchanges on servers and ensuring that stronger key sizes are used.