Some 575 cloud-based services are potentially vulnerable to the Logjam attack, according to cloud security firm Skyhigh Networks.
The firm found that 99% of companies use at least one potentially vulnerable cloud service, with the average enterprise utilising 71 such services.
The Logjam vulnerability, which is similar to the FREAK attack identified earlier this year, enables man-in-the-middle (MITM) attacks. The attack begins with the client's Hello message, which asks for a standard ephemeral Diffie-Hellman (DHE) ciphersuite.
It allows the attacker to downgrade vulnerable TLS connections to 512-bit export-grade Diffie-Hellman.
The MITM attacker rewrites that message to ask for export-grade DH instead, and a server that still supports the export suites responds with a 512-bit export DH key exchange signed with its long-term key. The attacker then rewrites the server's Hello so that the client believes its standard DHE suite was chosen.
Unlike FREAK, which depended on client bugs in OpenSSL and Apple's Secure Transport, Logjam works against correctly implemented clients: the server's signature covers the DH parameters but not the negotiated ciphersuite, and TLS specifies no minimum group size, so the client cannot tell that the 512-bit group is not what it asked for and accepts the weak key. The attacker then computes a discrete logarithm in that 512-bit group to recover the DH secret (a discrete-log computation, not factoring; with a one-off precomputation for the group, the Logjam researchers brought individual logarithms down to roughly a minute).
From the DH secret the attacker derives the pre-master secret and the TLS master secret, forges the Finished messages so the handshake completes normally, and can then read the session in plaintext and inject anything it wants.
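The downgrade described above, as an added example that is not part of the original article or of Skyhigh's material: a Python simulation of a TLS 1.2-style DHE handshake in which a MITM rewrites the ClientHello to offer only the export suite, rewrites the ServerHello back to the standard suite, and then solves the discrete logarithm in the small group to recover the session and forge the client's expected Finished MAC. The group sizes, the textbook RSA key, the HMAC-based key derivation and the two ciphersuite names' handling are all constructed stand-ins, scaled down so the discrete logarithm runs in a fraction of a second; the `min_dh_bits` parameter is an assumed knob that models the minimum-group-size check browsers adopted as their Logjam fix.

```python
"""Toy Logjam simulation against a TLS 1.2-style DHE handshake (constructed
illustration: toy group sizes, textbook RSA over hard-coded primes as the
server's long-term key, HMAC-SHA256 standing in for the TLS PRF and MAC)."""
import hashlib
import hmac
import math
import secrets

DHE = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"              # what the client asks for
DHE_EXPORT = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"  # what the MITM asks for
# Constructed groups: the 127-bit prime stands in for a 2048-bit group, the
# 32-bit prime for a 512-bit export group. Both are far too small for real use.
GROUP_FOR = {DHE: (2**127 - 1, 3), DHE_EXPORT: (4294967291, 2)}
# Server's long-term signing key: textbook RSA over two Mersenne primes.
_P, _Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = _P * _Q
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))

def _digest(*parts):
    data = b"|".join(repr(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N

def sign(*parts):
    return pow(_digest(*parts), RSA_D, RSA_N)

def verify(sig, *parts):
    return pow(sig, RSA_E, RSA_N) == _digest(*parts)

def derive_master(shared, client_random, server_random):
    """Stand-in for the TLS PRF: master secret from the DH shared secret."""
    return hmac.new(shared.to_bytes(32, "big"), client_random + server_random,
                    hashlib.sha256).digest()

def server_key_exchange(offered_suites, client_random):
    """Pick the server's preferred suite among those offered and sign the DH
    parameters. As in TLS 1.2 the signature covers the randoms and (p, g, Ys)
    only; the negotiated suite is NOT signed, which is what Logjam exploits."""
    suite = DHE if DHE in offered_suites else DHE_EXPORT
    p, g = GROUP_FOR[suite]
    server_random = secrets.token_bytes(32)
    xs = secrets.randbelow(p - 2) + 1
    ys = pow(g, xs, p)
    return suite, server_random, (p, g, ys), sign(client_random, server_random, p, g, ys)

def client_key_exchange(server_random, params, sig, client_random, min_dh_bits=0):
    """Verify the ServerKeyExchange signature, optionally enforce a minimum
    group size (the post-Logjam browser fix), then complete the DH exchange."""
    p, g, ys = params
    if not verify(sig, client_random, server_random, p, g, ys):
        raise ValueError("ServerKeyExchange signature does not verify")
    if p.bit_length() < min_dh_bits:
        raise ValueError(f"DH prime is only {p.bit_length()} bits")
    xc = secrets.randbelow(p - 2) + 1
    return pow(g, xc, p), derive_master(pow(ys, xc, p), client_random, server_random)

def bsgs_dlog(g, y, p):
    """Baby-step giant-step: x with g^x = y (mod p) in about sqrt(p) work,
    instant for the toy export group and hopeless for a real 2048-bit group."""
    m = math.isqrt(p - 1) + 1
    baby, cur = {}, 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * g % p
    step, gamma = pow(g, -m, p), y
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    raise ValueError("no discrete log found")

def run_logjam(min_dh_bits=0):
    """One downgraded handshake; returns what the attacker ends up with."""
    client_random, offered = secrets.token_bytes(32), [DHE]
    # MITM rewrites the ClientHello so the server sees only the export suite.
    _, server_random, params, sig = server_key_exchange([DHE_EXPORT], client_random)
    # MITM rewrites the ServerHello back to DHE; params and signature untouched.
    try:
        yc, client_master = client_key_exchange(server_random, params, sig,
                                                client_random, min_dh_bits)
    except ValueError as exc:
        return {"accepted": False, "reason": str(exc)}
    # Attacker solves the discrete log in the small group for the server's
    # exponent and derives the same master secret as both endpoints...
    p, g, ys = params
    attacker_master = derive_master(pow(yc, bsgs_dlog(g, ys, p), p),
                                    client_random, server_random)
    # ...then forges the Finished MAC the client expects over ITS transcript
    # (which still says DHE), so the tampering is never detected.
    transcript = repr((offered, DHE, params, yc)).encode()
    forged = hmac.new(attacker_master, transcript, hashlib.sha256).digest()
    expected = hmac.new(client_master, transcript, hashlib.sha256).digest()
    return {"accepted": True, "prime_bits": p.bit_length(),
            "session_recovered": attacker_master == client_master,
            "finished_forged": hmac.compare_digest(forged, expected)}

if __name__ == "__main__":
    print(run_logjam())                  # vulnerable client: all True
    print(run_logjam(min_dh_bits=1024))  # hardened client: rejects 32-bit prime
```

The signature check passes in the downgraded run because, exactly as in TLS 1.2, it binds the randoms and the DH parameters but not the suite the server actually selected; the Finished MAC that would normally catch the altered hellos is forged by an attacker who already holds the master secret. The real attack has one constraint the toy hides: the logarithm must be finished before the client gives up on the handshake, which is why the Logjam work relied on per-group precomputation. TLS 1.3 closes the gap by signing the whole handshake transcript and by fixing the allowed groups.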
Skyhigh Networks European spokesperson Nigel Hawthorn said: "To patch the vulnerability, cloud providers should disable support for export suites, deploy elliptic-curve Diffie-Hellman, and generate a strong, unique Diffie-Hellman group.
"Likewise, individual organisations must determine and contain both their client-side and service-side exposure. For instance, they can take simple steps like making sure employees only use browser versions that are not vulnerable, such as patched versions of Chrome or Firefox."