Enterprise, cloud services exposed as vulnerable to Logjam

An analysis of the security flaw claims over 500 cloud providers are vulnerable -- and almost all average enterprise firms may currently be at risk.


Cloud services used by businesses are placing enterprise companies at risk from Logjam, according to Skyhigh Networks.

On Tuesday, reports surfaced that tens of thousands of HTTPS websites, mail servers and other services reliant on the Diffie-Hellman key exchange algorithm could potentially be vulnerable to a new security flaw dubbed Logjam.

The report (.PDF) claims that cryptographic weaknesses with the algorithm allow for man-in-the-middle (MITM) cyberattacks, as well as the degradation of TLS and encrypted communications -- leaving HTTPS websites open to eavesdropping and the manipulation of data filtering through the channel.

The computer scientists who exposed the flaw estimate that 8.4 percent of the top one million HTTPS domains are vulnerable to attack, commenting:

"The computation against the most common 512-bit prime used for TLS demonstrates that the Logjam attack can be used to downgrade connections to 80 percent of TLS DHE EXPORT servers. We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime.

Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18 percent of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66 percent of VPN servers and 26 percent of SSH servers."

According to an analysis by Skyhigh Networks, the enterprise is not exempt from potential MITM attacks caused by the flaw. The Skyhigh Service Intelligence Team scanned thousands of cloud providers and discovered that, six hours after details of the vulnerability were released into the public domain, 575 cloud providers remained potentially vulnerable.

"With the average company using 923 cloud services, the chances that an organization uses one or more vulnerable services is high," Skyhigh says. "Across the 400+ enterprises using Skyhigh, 99 percent are using at least one cloud service that is potentially vulnerable, and the average enterprise uses 71 vulnerable services. We will continue to track these vulnerable services and work with customers to diagnose and remediate their vulnerabilities."

Skyhigh says the company is currently contacting each cloud provider which is vulnerable to Logjam, as well as the firm's customers who are using potentially vulnerable services.

In the meantime, companies can protect themselves by ensuring employees only use browsers which have been patched against the problem, and by ensuring that any OpenSSL use in the enterprise, as well as any VPN servers in use, is up to date. In addition, the enterprise can use this tool to check individual services and their vulnerability.

Nigel Hawthorn, European spokesperson of Skyhigh Networks, commented:

"To patch the vulnerability, cloud providers should disable support for export suites, deploy elliptic-curve Diffie Hellman, and generate a strong, unique Diffie Hellman Group. Likewise, individual organisations must determine and contain both their client-side and service-side exposure.

For instance, simple steps like making sure employees only use browser versions that are not vulnerable, such as patched versions of Chrome or Firefox."
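A server-side check for the three steps in the quote above (export suites disabled, elliptic-curve Diffie-Hellman offered, a DH group larger than the 1024-bit primes the researchers consider breakable), added here as an example and not taken from Skyhigh or the researchers. The function names, the 1024-bit cutoff and the generated sample parameters are assumptions; cipher names follow OpenSSL's naming, and the uniqueness of the group is not checked.

```python
import base64
import re

WEAK_DH_BITS = 1024  # assumption: flag sizes the quoted estimate puts within attacker reach

def _tlv(buf, pos=0):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem):
    """Bit length of p in a PEM 'DH PARAMETERS' block: SEQUENCE { INTEGER p, INTEGER g }."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block")
    tag, seq, _ = _tlv(base64.b64decode(m.group(1)))
    ptag, p, _ = _tlv(seq)
    if (tag, ptag) != (0x30, 0x02):
        raise ValueError("expected SEQUENCE starting with INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def audit(cipher_names, dh_pem):
    """Check the three server-side steps; an empty list means none failed."""
    findings = []
    if any(c.startswith("EXP-") for c in cipher_names):
        findings.append("export suites enabled")
    if not any(c.startswith("ECDHE-") for c in cipher_names):
        findings.append("no ECDHE suites offered")
    bits = dh_prime_bits(dh_pem)
    if bits <= WEAK_DH_BITS:
        findings.append(f"{bits}-bit DH group")
    return findings

def _der(tag, value):
    """DER-encode one element (used only to build the constructed sample)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_pem(bits):
    """Constructed test input: p has the right size but is NOT a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps it positive
    der = _der(0x30, _der(0x02, p) + _der(0x02, b"\x02"))
    return f"-----BEGIN DH PARAMETERS-----\n{base64.encodebytes(der).decode()}-----END DH PARAMETERS-----\n"
```

Calling `audit()` with a server's enabled cipher names and the contents of its DH parameters file returns the failed checks as a list of strings.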