An attack method known as Factoring RSA Export Keys (FREAK) could allow an unauthenticated, remote attacker to perform a man-in-the-middle (MiTM) attack, bypass security restrictions, and gain access to sensitive information.
The attack leverages a vulnerability in OpenSSL in which RSA temporary keys could be downgraded due to weak export cipher suites. An unauthenticated, remote attacker with the ability to perform a MiTM attack between a vulnerable client and server could exploit this vulnerability to decrypt SSL/TLS communication and gain access to sensitive information, which could be leveraged to conduct further attacks.
A proof of concept that demonstrates the FREAK attack is publicly available.
OpenSSL has released software updates for the vulnerability used in the FREAK attack at the following links:
IntelliShield previously covered CVE-2015-0204, which is being leveraged by the FREAK attack, at the following link: IS Alert 36956
Administrators are advised to apply the appropriate updates.
Administrators who have not upgraded to a fixed version of OpenSSL are encouraged to turn off export cipher suites on vulnerable systems.
Administrators are advised to monitor affected systems.
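As an added example (not part of the original advisory), the following shell functions audit a cipher listing in the format printed by `openssl ciphers -v` and flag export-grade suites, marking those whose key exchange is 512-bit RSA. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# Constructed sample in the column layout of `openssl ciphers -v` (1.0.x style).
sample_listing() {
    cat <<'EOF'
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EOF
}

# Read a cipher listing on stdin; print "<suite> <tag>" for each export suite.
# tag is "rsa-export" when key exchange is 512-bit RSA, otherwise "export".
find_export_suites() {
    awk '
    {
        is_export = 0; kx = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "export") is_export = 1
            if ($i ~ /^Kx=/)    kx = substr($i, 4)
        }
        if (is_export || $1 ~ /^EXP-/) {
            tag = (kx == "RSA(512)") ? "rsa-export" : "export"
            print $1, tag
        }
    }'
}

# Exit status 0 if the listing on stdin contains an RSA export suite.
has_rsa_export() {
    find_export_suites | grep -q ' rsa-export$'
}

# Expand a configured cipher string with the local openssl binary and audit it.
# Prints nothing when the local build has no export suites or the string is invalid.
audit_cipher_string() {
    openssl ciphers -v "$1" 2>/dev/null | find_export_suites
}

# Demonstration on the constructed sample.
sample_listing | find_export_suites
```

Run `audit_cipher_string` on the host whose OpenSSL build serves the traffic, since the expansion of a cipher string depends on that build.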