SimplerCloud Pte Ltd


News: Critical Alert: FREAK Attack Vulnerability

Published: 07/03/2015

Critical Alert: FREAK Attack Vulnerability Affecting Windows & Linux Servers 

References:

Tracking the FREAK Attack

This advisory is provided as a courtesy.

We would like to bring to your attention a newly discovered SSL/TLS security bug called the FREAK (Factoring attack on RSA-EXPORT Keys) attack. It affects major browsers on Windows OSes, Google Android OS and Apple iOS when they access vulnerable SSL websites/servers. A man-in-the-middle can intercept an HTTPS connection between a vulnerable client and a vulnerable server and force both sides down to weak export-grade encryption, which the attacker can then break to capture sensitive information.

If you are running HTTPS / SSL websites on your servelet/server, we strongly recommend that you check whether your SSL web server is vulnerable to the FREAK attack.

The security bug was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team and has been assigned CVE-2015-0204.

Impact

If you are running a vulnerable HTTPS / SSL website that is accessed by vulnerable browser clients, your server is at risk: attackers can use the vulnerability to steal sensitive information from those connections.

Affected Server

Any SSL servers that accept RSA_EXPORT cipher suites are vulnerable to the FREAK attack.

Check if Affected

You can use this tool (provided by KeyCDN) to check whether your SSL web server is vulnerable to the FREAK attack. Key in the hostname or IP address and then click "Check".

If you see this message:

"Safe! The domain xx.xxxxxxxxxx.xxx:443 is not vulnerable to the SSL FREAK attacks."

that means your website is safe. However, if you see this message:

"Vulnerable! The domain xxxxxx.xxx:443 is vulnerable to the SSL FREAK attacks."

that means your website is vulnerable.
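The online tool above does the same thing a local check can do: offer the server a ClientHello that lists only RSA_EXPORT cipher suites and see whether the server accepts one. The script below is an added example written for this advisory; it is not the KeyCDN tool and not code from SimplerCloud. It builds a TLS 1.0 ClientHello carrying only the three RSA_EXPORT suites defined in RFC 2246, sends it, and reads the server's reply. A server that answers with a ServerHello selecting one of those suites is vulnerable; a server that answers with an alert (normally handshake_failure) or chooses a different suite is not. The suite identifiers and record layout come from RFC 2246; the hostname and port are whatever you pass on the command line. Because it makes no assumption about which OpenSSL build is installed locally, it also works for re-checking a server after you apply the fix described further down.

```python
import os
import socket
import struct
import sys

# RSA_EXPORT cipher suites and their identifiers as assigned in RFC 2246 (TLS 1.0).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def build_client_hello(suites=tuple(RSA_EXPORT_SUITES)):
    """Build a TLS 1.0 ClientHello record that offers ONLY the given cipher suites."""
    cipher_block = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        b"\x03\x01"                                              # client_version = TLS 1.0
        + os.urandom(32)                                         # 32-byte client random
        + b"\x00"                                                # session_id length = 0
        + struct.pack("!H", len(cipher_block)) + cipher_block    # cipher_suites vector
        + b"\x01\x00"                                            # compression_methods: null only
    )
    # Handshake header: type 0x01 (ClientHello) + 24-bit body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 (handshake), version 3.1, 16-bit length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Classify the first record a server sends back as 'vulnerable', 'safe' or 'unknown'."""
    if len(data) < 5:
        return "unknown", "no or truncated response"
    record_type = data[0]
    if record_type == 0x15:  # alert record: the server refused every suite we offered
        if len(data) >= 7:
            return "safe", "alert level=%d description=%d" % (data[5], data[6])
        return "safe", "alert"
    if record_type == 0x16 and len(data) >= 6 and data[5] == 0x02:  # handshake / ServerHello
        # ServerHello body starts at offset 9 (5-byte record header + 4-byte handshake header):
        # server_version(2) random(32) session_id_len(1) session_id(n) cipher_suite(2) ...
        off = 9 + 2 + 32
        if len(data) < off + 1:
            return "unknown", "truncated ServerHello"
        off += 1 + data[off]  # skip session_id_len and session_id
        if len(data) < off + 2:
            return "unknown", "truncated ServerHello"
        suite = struct.unpack("!H", data[off:off + 2])[0]
        if suite in RSA_EXPORT_SUITES:
            return "vulnerable", "server accepted " + RSA_EXPORT_SUITES[suite]
        return "safe", "server chose non-export suite 0x%04x" % suite
    return "unknown", "unexpected record type 0x%02x" % record_type


def scan(host, port=443, timeout=5.0):
    """Connect to host:port, send the export-only ClientHello and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            data = sock.recv(4096)
        except socket.timeout:
            data = b""
    return classify_response(data)


if __name__ == "__main__":
    # Usage: python freak_check.py <hostname-or-ip> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    verdict, detail = scan(target, target_port)
    print("%s:%d -> %s (%s)" % (target, target_port, verdict.upper(), detail))
```

Run it against your own hostname or IP address; a "VULNERABLE" verdict means the server still negotiates export-grade RSA and needs the fix below, while "SAFE" with a handshake alert is the expected result after export suites have been disabled. A server that supports only TLS 1.2 or that uses SNI-dependent virtual hosts may still answer with an alert for reasons unrelated to FREAK, so treat "SAFE" as "does not accept RSA_EXPORT" rather than as a full TLS audit.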

How to Fix the Problem

If your server is affected by the vulnerability, you need to ensure that support for the TLS export cipher suites is disabled on your server. At the same time, make sure that the TLS libraries you use are up to date.


Linux Systems

On most Linux systems, you need to ensure that you are using the latest version of OpenSSL. You can do so by installing the latest patches for your operating system.

On Ubuntu/Debian systems:

sudo apt-get update
sudo apt-get upgrade

and then reboot the system.

On CentOS systems:

yum update

and then reboot the system.


Windows Systems

On Windows systems, take note that Microsoft Schannel (Secure Channel) is affected by the vulnerability and Microsoft is currently working on a patch to resolve the problem. In the meantime, you should apply the workarounds recommended by Microsoft in their advisory to close the gap.

Vulnerabilities on Web Browsers / Client End

The FREAK attack is possible when a vulnerable web server is accessed by a vulnerable web browser, so you should also ensure that your web browsers are not vulnerable to the attack. Some of the vulnerable browsers include Internet Explorer, Chrome on MacOS and Android, and Safari on MacOS and iOS, among others. You can check whether your browser is vulnerable by using the FREAK Client Test Tool provided by freakattack.com.

More information:

https://freakattack.com/
https://technet.microsoft.com/en-us/library/security/3046015
http://www.theguardian.com/technology/2015/mar/04/freak-attack-leaves-millions-of-apple-and-google-users-vulnerable-to-hackers
http://thehackernews.com/2015/03/freak-openssl-vulnerability_5.html

Request Assistance

If needed, we will perform the patch installation for you at a one-time discounted fee of $25. Please submit your order at Order -> Additional Services -> Vulnerability Fix: Bash Bug/Shellshock, Windows SCHANNEL, GHOST glibc, FREAK attack - $25

Or, please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.

For example:

Hostname: test-dd
IP Address: 103.25.202.81
OS Template: CentOS 6.5 (64-bit) 20140123a

Thank you.

SimplerCloud Support Team