Check your servers for FREAK vulnerability

A recent discovery has once again shown that the OpenSSL library is one of the most widely used (if not the most used) toolkits that developers and system administrators rely on for SSL/TLS implementation. That popularity also means the library is under continuous attack, so vulnerabilities will keep being found in it.


The latest report from techreport (http://techreport.com/news/27903/freak-vulnerability-exploits-old-encryption-export-restrictions)
lays out a well-described vulnerability called FREAK.
The vulnerability affects both the client side and the server side of the web world.

Basically, the flaw allows an attacker who can intercept an HTTPS connection between a client and a server (both sides have to be vulnerable) to force them into using an 'export-grade' encryption type. That weak encryption can then be decrypted or altered, making the connection no more secure than plain HTTP.

KeyCDN has already given a tool to check whether a domain is affected or not here: https://tools.keycdn.com/freak.
Also, you could check that your browser is not allowing export-grade cryptography by following this link: https://freakattack.com/.
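As an added example (not code from the original post or from the KeyCDN tool), the script below performs the same server-side check locally: it sends a TLS ClientHello that offers only export-grade RSA cipher suites to a server you administer and reports whether the server selects one of them (a server that rejects the handshake with an alert is not downgradeable this way). The host name, port and cipher-suite list are assumptions you supply; `example.com` is only a placeholder.

```python
import os
import socket
import struct

# Export-grade RSA cipher suites by IANA value. A server that selects one of
# these when offered nothing else can be downgraded by a FREAK-style MITM.
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(host, suites):
    """TLS 1.0 ClientHello record offering only `suites`, with an SNI extension."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = (b"\x03\x01" + os.urandom(32) + b"\x00"          # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                   # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def selected_suite(response):
    """Cipher suite chosen in a ServerHello, or None for an alert or anything else."""
    if len(response) < 6 or response[0] != 0x16 or response[5] != 0x02:
        return None                     # 0x15 = alert record, e.g. handshake_failure
    hs = response[5:]                   # type(1) len(3) version(2) random(32) sid_len(1) sid suite(2)
    pos = 39 + hs[38]
    if len(hs) < pos + 2:
        return None
    return struct.unpack("!H", hs[pos:pos + 2])[0]

def check_export_rsa(host, port=443, timeout=5.0):
    """Connect to host:port and return (accepts_export_rsa, suite_name_or_None)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host, list(EXPORT_RSA_SUITES)))
        response = sock.recv(4096)
    suite = selected_suite(response)
    if suite in EXPORT_RSA_SUITES:
        return True, EXPORT_RSA_SUITES[suite]
    return False, None

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"   # placeholder host
    vulnerable, suite = check_export_rsa(target)
    print(f"{target}: {'ACCEPTS ' + suite if vulnerable else 'rejects export-grade RSA'}")
```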

The fastest solution is to update the OpenSSL library to at least version 1.02. Stay safe.
