DX Spectrum - Web Assessment Vulnerability - TLS/SSL LOGJAM attack

Article ID: 210066

Updated On:

Products

CA Spectrum

Issue/Introduction

The Security Centre team ran a web vulnerability assessment scan against Spectrum OneClick.

Risk: TLS/SSL LOGJAM attack

Cause

"The LOGJAM attack is a SSL/TLS vulnerability that allows attackers to intercept HTTPS connections
between vulnerable clients and servers and force them to use 'export-grade' cryptography, which can then
be decrypted or altered. This vulnerability alert is issued when a web site is found to support DH(E) export
cipher suites, or non-export DHE cipher suites using either DH primes smaller than 1024 bits, or commonly
used DH standard primes up to 1024 bits."

Environment

Release: 10.4.1

Component: Spectrum Core / SpectroSERVER

Resolution

Impact
An attacker may intercept HTTPS connections between vulnerable clients and servers.

Note: 

This has been addressed in Spectrum version 10.4.3.
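
One way to check a web server against the three conditions in the alert quoted under Cause, for example before and after the upgrade. This is an added example, not part of the original article or the product; it assumes the input is the text printed by `openssl s_client`, and the `classify` helper and sample transcripts are constructed for illustration.

```python
import re

# Line formats printed by `openssl s_client` (OpenSSL 1.0.2 and later), e.g. from
#   openssl s_client -connect <host>:<port> -cipher EDH </dev/null
CIPHER = re.compile(r"Cipher is (\S+)")
TEMP_KEY = re.compile(r"^Server Temp Key:\s*(\w+),.*?(\d+) bits", re.M)

def classify(transcript):
    """Return (verdict, reason) for one s_client transcript."""
    cipher = CIPHER.search(transcript)
    name = cipher.group(1) if cipher else "(NONE)"
    if name == "(NONE)":
        return ("no-handshake", "no cipher suite was negotiated")
    # Condition 1: DH(E) export suites (OpenSSL names: EXP-EDH-*, EXP-DHE-*, EXP-ADH-*).
    if re.match(r"EXP-(EDH|DHE|ADH)-", name):
        return ("vulnerable", "export DH(E) suite " + name)
    key = TEMP_KEY.search(transcript)
    if not key or key.group(1) != "DH":
        return ("not-affected", "no finite-field DHE key exchange")
    bits = int(key.group(2))
    # Condition 2: non-export DHE with a prime smaller than 1024 bits.
    if bits < 1024:
        return ("vulnerable", "%d-bit DH prime" % bits)
    # Condition 3: commonly used standard primes up to 1024 bits. s_client reports
    # only the size, so a 1024-bit group is flagged for manual comparison.
    if bits == 1024:
        return ("review", "1024-bit DH prime; confirm it is not a shared standard prime")
    return ("ok", "%d-bit DH prime" % bits)

# Constructed transcript excerpts, not captured from a real server.
SAMPLES = {
    "export": "New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA\nServer Temp Key: DH, 512 bits\n",
    "small_prime": "New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA\nServer Temp Key: DH, 768 bits\n",
    "1024": "New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384\nServer Temp Key: DH, 1024 bits\n",
    "2048": "New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384\nServer Temp Key: DH, 2048 bits\n",
    "ecdhe": "New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384\nServer Temp Key: ECDH, P-256, 256 bits\n",
    "refused": "New, (NONE), Cipher is (NONE)\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, classify(text))
```

A `review` verdict means the prime itself still has to be compared with the standard groups, or replaced with a larger, locally generated one.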