Category: Security and Test Management. Last updated: November 30, 2022.

A guide to fixing the Logjam vulnerability in the Apache HTTP and Nginx web servers

Introduction

The Logjam vulnerability was found in TLS libraries (EXPORT ciphers) on 20th May 2015 by a team of computer scientists at CNRS, Inria Nancy-Grand Est, Inria Paris-Rocquencourt, Microsoft Research, Johns Hopkins University, University of Michigan, and the University of Pennsylvania: David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann.

The Logjam vulnerability allows a man-in-the-middle attacker to downgrade TLS connections to 512-bit export-grade cryptography. Once the connection is downgraded, the attacker can read and modify any data transmitted over it.

This is dangerous: if your application is vulnerable to Logjam, an attacker can read credit card numbers or other sensitive information. It is reminiscent of the FREAK attack.

The Logjam vulnerability can affect any protocol that relies on TLS, such as HTTPS, SSH, IPSec and SMTP.

As of 24th May, 8.4% of the top 1 million domains were affected by the Logjam vulnerability.


Test if the client is Vulnerable

The easiest way to test is to open the SSL Labs client test page in your browser.


Alternatively, you can also try this one.

Test if the server is Vulnerable

There are multiple tools you can use to test.

TLS Scanner – an online scanner powered by testssl.sh that checks the given site for TLS misconfigurations and vulnerabilities, including Logjam.

KeyCDN – another tool to test whether a site is vulnerable to Logjam.

Fix Logjam Attack Vulnerability

You can mitigate this vulnerability by disabling the EXPORT cipher suites in the respective web server configuration.

Apache HTTP Server

Disable export ciphers by adding the following to the SSL configuration file.

# Append !EXPORT to your existing cipher string. A cipher string needs at least one
# positive entry (OpenSSL rejects a negation-only list), so DEFAULT is used here as an assumed base.
SSLCipherSuite DEFAULT:!EXPORT

Restart Apache, and that’s all.

Nginx

Add the following to the nginx.conf file:

ssl_ciphers 'DEFAULT:!EXPORT';
# Note: if you already have ssl_ciphers configured, just append !EXPORT to the existing line instead of adding a new one. A cipher string needs at least one positive entry (OpenSSL rejects a negation-only list), so DEFAULT is used here as an assumed base.
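To confirm that a configuration actually carries this fix before reloading the server, here is an added example in Python that is not from the original article or from either project: a small linter that reads Apache SSLCipherSuite and nginx ssl_ciphers directives, flags cipher strings with no explicit !EXPORT, and flags negation-only strings, which OpenSSL rejects. The sample configuration is constructed, and the check is deliberately strict: it demands an explicit !EXPORT even where an alias such as HIGH would already leave export suites out.

```python
import re
# Cipher directives of the two servers covered above; nginx values are usually quoted.
DIRECTIVE_RE = re.compile(r"^\s*(SSLCipherSuite|ssl_ciphers)\s+['\"]?([^'\";]+)")
# OpenSSL aliases that select export-grade (40/56-bit) suites.
EXPORT_ALIASES = {"EXPORT", "EXP", "EXPORT40", "EXPORT56"}

def parse_cipher_string(spec):
    """Split an OpenSSL cipher string into (operator, name) pairs: '' selects,
    '!' removes permanently, '-' removes but can be re-added, '+' moves to the end."""
    pairs = []
    for raw in re.split(r"[:,\s]+", spec.strip()):
        if not raw or raw.startswith("@"):  # skip empties and @STRENGTH-style modifiers
            continue
        op = raw[0] if raw[0] in "!-+" else ""
        pairs.append((op, raw[len(op):].upper()))
    return pairs

def check_cipher_string(spec):
    """Return findings for one cipher string; an empty list means Logjam is mitigated."""
    pairs = parse_cipher_string(spec)
    findings = []
    # A string that only removes suites leaves nothing enabled, and OpenSSL rejects it.
    if not any(op == "" for op, _ in pairs):
        findings.append("no positive entry; OpenSSL rejects a negation-only cipher string")
    # Only '!' is permanent: '-EXPORT' can be undone by a later positive rule.
    if not any(op == "!" and name in EXPORT_ALIASES for op, name in pairs):
        findings.append("export-grade suites not explicitly excluded; add !EXPORT")
    return findings

def lint_config(text):
    """Scan Apache or nginx config text; return (line, directive, findings) per bad directive."""
    report = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = DIRECTIVE_RE.match(line)
        if match and (findings := check_cipher_string(match.group(2))):
            report.append((lineno, match.group(1), findings))
    return report
# Constructed sample configuration mixing both servers, not taken from any real host.
SAMPLE_CONFIG = """\
# apache
SSLCipherSuite !EXPORT
SSLCipherSuite DEFAULT:!EXPORT
# nginx
ssl_ciphers 'HIGH:!aNULL:!MD5';
ssl_ciphers 'HIGH:!aNULL:!MD5:!EXPORT';
"""
if __name__ == "__main__":
    for lineno, directive, findings in lint_config(SAMPLE_CONFIG):
        print(f"line {lineno} {directive}: {'; '.join(findings)}")
```

Run against the sample, it reports line 2 (negation-only) and line 5 (no explicit !EXPORT); the two corrected lines pass.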

You may also refer here to fix this in Sendmail, Tomcat, IIS, HAProxy, Lighttpd, etc.

What’s next?

If you are looking for continuous security protection for your online business, consider using a cloud-based WAF.

Author: Chandan Kumar, founder of Geekflare.