AnsweredAssumed Answered

Definition Correction : QID 38605 - SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability

Question asked by Azaz Ahmed on Jun 7, 2016
Latest reply on Jun 12, 2016 by Azaz Ahmed

Definition Correction :

As Per Qualys Defination for QID 38605 - SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability

 

Threat :  The remote SSL/TLS server is vulnerable to FREAK attack when: 

 

1.The "RSA+EXPORT" ciphers are supported;

2.The size of the RSA public key in certificate is stronger than 1024;

3.The temporary RSA key size is less than 1024;

4.The temporary RSA key is stable(used multiple times);

 

Only SSLv3 and TLSv1 are potentially vulnerable

 

***** So for Point no 2 which i think is incorrect and needs to be corrected as  " The remote SSL/TLS server is vulnerable to FREAK attack when: 2.The size of the RSA public key in certificate is weaker than 1024 " however detection is correct by Qualys VM but as operational point of view it is creating chaos in Infra..Please provide your suggestions/inputs

Outcomes