
Security Advisory - SSL/TLS "Logjam" vulnerability of 20 May 2015


Learning Security Advisory - OpenSSL Security Advisory of 19 March 2015

Release Date

2015-05-20

Last Update

2015-05-21

Solution Status

Not Vulnerable

Description

Security researchers published details about an SSL downgrade attack which they named Logjam. The attack is made possible by weaknesses in the Diffie-Hellman key exchange used by some servers as part of the SSL encryption process. If a connection is downgraded, the traffic is then susceptible to a man-in-the-middle (MITM) attack.

Level

Moderate

Impact

Allows unauthorized disclosure of information.

Systems Affected

PowerSchool Learning, CloudFlare (our CDN provider)

Summary:

On May 20th, security researchers published information about a newly discovered vulnerability in SSL connections that use the Diffie-Hellman key exchange (aka DHE). The researchers called this vulnerability the Logjam attack. The Logjam vulnerability does not affect Elliptic Curve Diffie-Hellman (aka ECDHE).

Haiku Learning and CloudFlare are not affected by Logjam because neither uses DHE for key exchange. Therefore, no further actions were required.

CloudFlare has written up a detailed explanation of the Logjam attack, if you're interested in learning more about the vulnerability.

Status:

  • PowerSchool Learning systems were not vulnerable.
  • All CloudFlare systems were not vulnerable.
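
The "no DHE key exchange" condition cited above can be checked against any TLS configuration. The following is an added example, not code from the vendor or from CloudFlare: it flags finite-field DH suites in a list of suite names and in an OpenSSL cipher string expanded by the local library. The function names, `SAMPLE` list and `HARDENED` cipher string are assumptions made for illustration.

```python
import ssl

# Key-exchange tokens for finite-field Diffie-Hellman, the exchange Logjam targets.
# ECDHE/ECDH are deliberately absent: the advisory states ECDHE is not affected.
FFDH_KX = {"DHE", "EDH", "ADH", "DH"}

def _tokens(suite):
    return suite.upper().replace("_", "-").split("-")

def uses_ffdh(suite):
    """True if an OpenSSL- or IANA-style cipher suite name uses finite-field DH."""
    tokens = _tokens(suite)
    if "WITH" in tokens:
        # IANA form: TLS_<kx>_<auth>[_EXPORT]_WITH_<cipher>_<mac>
        head = tokens[:tokens.index("WITH")]
    else:
        # OpenSSL form: [EXP-]<kx>-<auth>-<cipher>-<mac>
        head = tokens[:2]
    return any(t in FFDH_KX for t in head)

def is_export(suite):
    """True for export-grade suites, which the Logjam downgrade relies on."""
    tokens = _tokens(suite)
    return "EXPORT" in tokens or tokens[0].startswith("EXP")

def audit_names(suites):
    """Return (all finite-field DH suites, the export-grade subset)."""
    ffdh = [s for s in suites if uses_ffdh(s)]
    return ffdh, [s for s in ffdh if is_export(s)]

def audit_cipher_string(cipher_string):
    """Expand a cipher string with the local OpenSSL; return the FFDH suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if uses_ffdh(c["name"])]

# Constructed sample: suite names as a scanner report or server config might list them.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
    "EXP-EDH-RSA-DES-CBC-SHA", "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256", "AES128-SHA",
]
# Assumed example policy (ECDHE only), not the vendor's actual configuration.
HARDENED = "ECDHE+AESGCM:ECDHE+CHACHA20"

if __name__ == "__main__":
    ffdh, export = audit_names(SAMPLE)
    print("finite-field DH suites in sample:", ffdh)
    print("export-grade subset:", export)
    print("FFDH suites enabled by HARDENED:", audit_cipher_string(HARDENED))
```

An empty result from `audit_cipher_string` means the configuration offers no DHE suites for TLS 1.2 and earlier, which is the condition this advisory relies on.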