Is your website safe from the FREAK attack?
Web security is a hot topic these days. There is always something to keep security experts busy, and vulnerabilities tend to get catchy names like Heartbleed, POODLE, and now FREAK.
In this guide, I will explain how to identify whether your website is affected and the procedure to fix the vulnerability.
If you are interested or don’t know about the FREAK attack, here are a few words. Karthikeyan Bhargavan discovered the FREAK attack vulnerability at INRIA in Paris.
It was announced on 3rd March 2015 that a new SSL/TLS vulnerability would allow an attacker to intercept an HTTPS connection between a vulnerable client and server and force them to use weak encryption. This helps an attacker steal or manipulate sensitive data.
Check if your server is vulnerable
If your web server accepts RSA_EXPORT cipher suites, then you are at risk. You can perform a check against your HTTPS URL at the following link.
Fix FREAK Attack Security Vulnerability
Apache HTTP Server – you can disable EXPORT cipher suites by adding the below to your httpd.conf or SSL configuration file.
You may already have an SSLCipherSuite line in your configuration file. If so, you just need to add !EXPORT at the end of the line.
If you are new to the configuration, you can read my Apache Web Server Security & Hardening Guide.
Nginx – add the following in your configuration file.
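As an added example (not part of the original guide), the Python script below audits Apache and Nginx configuration text for the change described above: it finds each SSLCipherSuite or ssl_ciphers line and reports whether export suites are permanently excluded with !EXPORT. The sample configurations, function names, and the three verdict labels are constructed for illustration, and the check is a static heuristic on the cipher string, not a probe of the running server.

```python
import re

# Apache and Nginx directives whose value is an OpenSSL cipher string.
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|ssl_ciphers)\s+(.+?);?\s*$", re.IGNORECASE)

# Constructed sample configurations (not taken from the original guide).
APACHE_SAMPLE = """\
# constructed sample
SSLEngine on
SSLCipherSuite ALL:!aNULL:!MD5
SSLCipherSuite ALL:!aNULL:!MD5:!EXPORT
"""
NGINX_SAMPLE = """\
ssl_protocols TLSv1.2;
ssl_ciphers 'HIGH:EXP:!aNULL';
ssl_ciphers 'HIGH:!aNULL:!EXPORT';
"""

def audit_cipher_string(cipher_string):
    """Classify one cipher string as 'ok', 'enabled' or 'missing'."""
    cleaned = cipher_string.strip(" '\"")
    tokens = [t.upper() for t in re.split(r"[:,\s]+", cleaned) if t]
    # '!' deletes suites permanently, so later tokens cannot re-add them.
    if "!EXPORT" in tokens or "!EXP" in tokens:
        return "ok"
    for tok in tokens:
        if tok[0] in "!-":
            continue  # exclusions of other suites are irrelevant here
        # 'RSA+EXP', 'EXPORT40' or 'EXP-RC4-MD5' all select export suites.
        if any(part.startswith("EXP") for part in tok.split("+")):
            return "enabled"
    # Nothing explicit: older OpenSSL builds may still offer export suites
    # through broad aliases such as ALL, so the exclusion should be added.
    return "missing"

def audit_config(text):
    """Return (line_number, directive, verdict) for each cipher directive."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if match:
            verdict = audit_cipher_string(match.group(2))
            findings.append((number, match.group(1), verdict))
    return findings

if __name__ == "__main__":
    for name, sample in (("apache", APACHE_SAMPLE), ("nginx", NGINX_SAMPLE)):
        for number, directive, verdict in audit_config(sample):
            print(f"{name}:{number}: {directive} -> {verdict}")
```

Any line reported as "enabled" or "missing" is a candidate for appending !EXPORT as described above, followed by a reload of the web server.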
As a website owner or security engineer, you should regularly perform a security scan against your website to find any new vulnerabilities and get notified.
You may also be interested in fixing the Logjam attack.