Check your site for Logjam

Logjam Attack

The Logjam attack allows an attacker to downgrade a secure connection to a VPN or a secure website so that the attacker can read or modify your communication. The issue lies in the way the Diffie-Hellman key exchange has been deployed. It is described in detail at https://weakdh.org/.

Scan your servers for Logjam

You can test whether your server is vulnerable via the Qualys SSL Server Test or via a form on the weakdh.org website.

The output from weakdh.org is a JSON object that is far easier to parse than the results from Qualys. I asked the people from weakdh.org whether I could use their test to verify a list of hosts (approx. 500) with a 5-second interval to check whether each host is vulnerable to Logjam. They agreed. You can get my small Python script from GitHub. If you plan to use this script to scan your environment, I suggest you ask them for permission first and use a sane waiting time between queries.

The script takes three parameters:

  • weakdh_hosts : a text file with the hosts to check, one per line
  • pause_interval : the time to wait between two queries
  • base_url : the URL of the weakdh.org test

Note that the script only reports sites that are definitely vulnerable. Sites that use 1024-bit Diffie-Hellman may also be vulnerable to “nation-state” attackers; the script does not raise a warning for those.
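For readers who would rather check their own servers without sending a host list to a third-party service, here is an added example (not the author's script from GitHub, and not code from weakdh.org) of a local batch check in the same shape: a host list, a pause between queries, and a classification per host. Instead of the weakdh.org JSON it parses the "Server Temp Key" line that `openssl s_client` prints, and it goes one step beyond the author's script by also flagging 1024-bit groups as weak. It assumes an OpenSSL binary with `s_client` on the PATH; the probe function is pluggable so the parsing and pacing logic can be exercised offline with constructed output.

```python
import re
import subprocess
import time
from typing import Callable, Dict, Iterable, List

# Matches the line OpenSSL's s_client prints after the handshake (1.0.2+),
# e.g. "Server Temp Key: DH, 1024 bits". Only finite-field DH is relevant to
# Logjam; ECDH/X25519 keys are reported on the same line but are not affected.
TEMP_KEY_RE = re.compile(r"Server Temp Key:\s*(?P<kind>[A-Za-z0-9]+),\s*(?P<bits>\d+)\s*bits")


def dh_bits_from_s_client(output: str) -> int:
    """Return the ephemeral DH group size reported in s_client output,
    or 0 if no finite-field DH temp key was reported (no DHE suite negotiated)."""
    match = TEMP_KEY_RE.search(output)
    if not match or match.group("kind") != "DH":
        return 0
    return int(match.group("bits"))


def classify(bits: int) -> str:
    """Map a DH group size to a risk label."""
    if bits == 0:
        return "no-dhe"       # server did not offer a DHE suite: Logjam does not apply
    if bits <= 512:
        return "vulnerable"   # export-grade group: the case weakdh.org flags
    if bits < 2048:
        return "weak"         # 1024-bit: the "nation-state" caveat from the post
    return "ok"


def openssl_probe(host: str, port: int = 443, timeout: int = 10) -> str:
    """Run `openssl s_client` against host:port, restricting the offered suites
    to DHE so that a server supporting them reveals its DH group size.
    Assumes an OpenSSL binary on the PATH."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-cipher", "DHE"]
    proc = subprocess.run(cmd, input=b"", capture_output=True, timeout=timeout)
    return proc.stdout.decode(errors="replace")


def scan_hosts(
    hosts: Iterable[str],
    probe: Callable[[str], str] = openssl_probe,
    pause_interval: float = 5.0,
    sleep: Callable[[float], None] = time.sleep,
) -> Dict[str, str]:
    """Probe each host in turn, pausing pause_interval seconds between hosts
    so the scan does not hammer the targets. Errors are recorded, not raised."""
    results: Dict[str, str] = {}
    host_list: List[str] = list(hosts)
    for index, host in enumerate(host_list):
        try:
            results[host] = classify(dh_bits_from_s_client(probe(host)))
        except (subprocess.TimeoutExpired, OSError) as exc:
            results[host] = f"error: {exc.__class__.__name__}"
        if index < len(host_list) - 1:
            sleep(pause_interval)
    return results


def load_hosts(path: str) -> List[str]:
    """Read one host per line, skipping blanks and '#' comments."""
    with open(path) as fh:
        return [line.strip() for line in fh if line.strip() and not line.startswith("#")]


if __name__ == "__main__":
    import sys
    # Usage: python logjam_check.py hosts.txt [pause_seconds]
    hosts_file = sys.argv[1]
    pause = float(sys.argv[2]) if len(sys.argv) > 2 else 5.0
    for host, verdict in scan_hosts(load_hosts(hosts_file), pause_interval=pause).items():
        print(f"{host}\t{verdict}")
```

A "no-dhe" result means the server either does not support DHE suites at all or negotiated TLS 1.3 (where `-cipher` does not apply), so it is not a vulnerable result; a "weak" result is the 1024-bit case the post mentions, which a scan against weakdh.org would not report.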
