Logjam

Recently a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. They reported on a downgrade attack against the TLS protocol which would allow attackers to read and possibly alter your supposedly secure communication with a website or VPN connection.

The issue is located in the EXPORT cryptography, similar to the FREAK attack (although Logjam is a flaw in the TLS protocol whereas FREAK was an implementation vulnerability). The technical details have been covered by CloudFlare, Logjam: the latest TLS vulnerability explained.

In essence it affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers.

Logjam is by far not a “new” Heartbleed. But because the issue is to be found in SSL and people tend to consider SSL as secure, it is absolutely worthwhile to get your systems fixed.

A list of websites in Belgium

The report on Logjam was published around May 2015. I decided to test if the majority of Belgian websites were still vulnerable two weeks after the initial report.

There is no such thing as “a list of all the Belgian” websites. For an older post (Analyze HTTP headers) I used the Alexa Top 1,000,000. This time I decided to use a different approach.

Dnsenum (also included in BackTrack) allows you to do DNS enumeration. One of its features is to do Google scraping. I used this tool to get a list of Belgian websites. It queries Google for allinurl: -www site:be.

I ran the tool a couple of times, via Belgian IPs and foreign (TOR) IPs, to get a large list of Belgian hosts. Because Google results are influenced by the geographical region where the search is performed using both the TOR and Belgian IPs allowed me to get a good mix of results.

Dnsenum is available via Github

git clone https://github.com/fwaeytens/dnsenum.git

You can then run it with the scraping (and number of pages) option.

./dnsenum.pl -p 100 -s 1000 be

I pasted the output in one big file and then used awk to filter out the domain names.

cat weakdh.hosts.tmp  | awk '{print $1;}' | sort | uniq > weakdh.hosts
cat weakdh.hosts.tmp  | awk '{print $1;}' | sort | uniq | awk '{print "www."$1;}' > weakdh.hosts_withwww

This created two files. One with the domain name as it was found in the Google results. And one with www. prepended. Adding this www. can result in a number of non-existing hosts appearing on the list. This is not an issue. I’m interested in how many of the SSL hosts are vulnerable, whether or not a hosts exists doesn’t influence the final result (if the host doesn’t exist there’s no SSL to start with).

Scan for vulnerable Logjam sites

The website of WeakDH has a test that allows you to test if your site is vulnerable. The test returns a JSON object that you can parse. You can achieve the same via the Qualys SSLlabs test but the result from WeakDH is far more easier to parse.

I asked the people from WeakDH first if they agree on using their test. I wrote a small Python script that does the test for you, via WeakDH. If you run the script you are not connecting directly to the site you want to test, the test is done from WeakDH.

My script is also on Github. The configuration is inline

• weakdh_hosts : a text file with the hosts to check
• pause_interval : the interval to wait between a query
• base_url : the URL from weakdh.org
• verbose : give verbose output

I really recommend to set a sane pause_interval so you do not abuse the free service from WeakDH.

Usage of the script is straightforward

./weakdh.py 
1.2.3.4     myhost.tld.  no result from weakDH
1.2.3.4     myhost.tld. no TLS
1.2.3.4     myhost.tld. Vulnerable
...
270 hosts tested, 56 with no results, 21 sites with TLS, 4 vulnerable

Websites vulnerable to Logjam in Belgium

I started with a list of 369 .be domains, adding the www. prefix resulted in 738 domains that have been tested.

The test was done on the evening of 2-Jun-2015. Out of 738 hosts, 308 had TLS support. This means that almost 41% of the tested Belgian sites supports TLS.

Out of the 308 TLS hosts, 25 were, according to WeakDH, vulnerable to Logjam. The test against the original domains found in Google returned 17 vulnerable hosts, the test against the domains with added www. returned 8 vulnerable hosts.

This means that 8.1% of the tested Belgian sites are still vulnerable to a possible Logjam attack. The list of vulnerable sites contains a number of interesting targets :

• 3 sites run by Belgian universities;
• 2 proxy hosts run by a Belgian government agency;
• 1 web interface towards a mail host for a high school (mail.X.be);
• 1 site run by a Belgian public transport organization;

I’m vulnerable to Logjam, what should I do?

Servers

If you run a server you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group.

Also note that if you follow(ed) the advice from BetterCrypto you should be safe. Their blog post describes how you can check and remediate your systems. The general recommendation is to use 4096bits wherever possible but note that some servers and clients don’t work well with DH-Parameters > 1024 bits.

The remediation is covered in detail by https://weakdh.org/.

End users

End users should upgrade their browsers.

Conclusion

The number of Belgian websites vulnerable to Logjam, 8.1%, is more or less similar to the worldwide number of sites seen vulnerable to Logjam, 8.4%, by WeakDH. Amongst the 8% .be sites there are some ‘interesting’ targets.

Although the number of tested sites is relatively low compared to the entire .be domain space I think that, because of using the Google query results as a source, it is a very representative test set.

I did not look specifically at results from sites that use one of a few commonly shared 1024-bit Diffie-Hellman groups that may be susceptible to passive eavesdropping from an attacker with nation-state resources.