Scanning for Weak Diffie-Hellman Groups
In May 2015, newly disclosed research focused on a new vulnerability, coined Logjam, which affected the Diffie-Hellman key exchange component of the TLS protocol. While this research only addressed one part of the multi-faceted cryptographic disclosure, many other services rely on diffie-hellman and are potentially vulnerable. It is critical to be vigilant and conduct regular vulnerability scans to harden infrastructures against aftershock-style attacks.
In this Whitepaper, you'll learn about:
- The weaknesses affecting Diffie-Hellman implementations based on modular integer arithmetic;
- How a new Nmap script designed to detect those weaknesses also helps to identify more subtle vulnerabilities, useful to server administrators and vulnerability scanning teams.