Security Advisory - SSL/TLS "Logjam" vulnerability of 20 May 2015

Learning Security Advisory - OpenSSL Security Advisory of 19 March 2015

Release Date

2015-05-20

Last Update

2015-05-21

Solution Status

Not Vulnerable

Description

Security researchers published details about an SSL downgrade attack, which they named Logjam. The attack is made possible by weaknesses in the Diffie-Hellman key exchange used by some servers as part of the SSL encryption process. If a connection is downgraded, the traffic is then susceptible to a man-in-the-middle (MITM) attack.

Level

Moderate

Impact

Allows unauthorized disclosure of information.

Systems Affected

PowerSchool Learning, CloudFlare (our CDN provider)

Summary:

On May 20th, security researchers published information about a newly discovered vulnerability in SSL connections that use the Diffie-Hellman key exchange (aka DHE). The researchers called this vulnerability the Logjam attack. The Logjam vulnerability does not affect Elliptic Curve Diffie-Hellman (aka ECDHE).

Haiku Learning and CloudFlare are not affected by Logjam because neither uses DHE for key exchange. Therefore, no further actions were required.

CloudFlare has written up a detailed explanation of the Logjam attack, if you're interested in learning more about the vulnerability.
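
The summary's reasoning (DHE suites are exposed to Logjam, ECDHE suites are not) can be checked against a cipher-suite list. The following is an added example, not PowerSchool's or CloudFlare's code; the function names and the two sample lists are assumptions constructed for illustration.

```python
import re
import ssl

# TLS 1.3 suite names carry no key-exchange field (the group is negotiated separately).
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_", re.IGNORECASE)


def key_exchange(suite):
    """Classify an OpenSSL- or IANA-style suite name as 'DHE', 'ECDHE', 'TLS1.3' or 'other'."""
    if _TLS13.match(suite):
        return "TLS1.3"
    # Drop protocol and export prefixes so the key-exchange token comes first.
    tokens = [t for t in re.split(r"[-_]", suite.upper()) if t not in ("TLS", "SSL", "EXP")]
    first = tokens[0] if tokens else ""
    if first in ("ECDHE", "EECDH"):
        return "ECDHE"
    if first in ("DHE", "EDH"):  # EDH is OpenSSL's older spelling of DHE
        return "DHE"
    return "other"  # RSA, PSK, static or anonymous DH/ECDH, ...


def dhe_suites(suites):
    """Return the suites that use finite-field ephemeral Diffie-Hellman (DHE)."""
    return [s for s in suites if key_exchange(s) == "DHE"]


def local_suites():
    """Suite names the local OpenSSL build enables by default for a TLS client."""
    return [c["name"] for c in ssl.create_default_context().get_ciphers()]


# Constructed sample configurations (not taken from any real server).
ECDHE_ONLY = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305",
              "TLS_AES_128_GCM_SHA256", "AES128-SHA"]
MIXED = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
         "DHE-RSA-AES256-SHA", "EXP-EDH-RSA-DES-CBC-SHA"]

if __name__ == "__main__":
    for label, suites in (("ECDHE_ONLY", ECDHE_ONLY), ("MIXED", MIXED),
                          ("local default", local_suites())):
        found = dhe_suites(suites)
        print(f"{label}: DHE suites -> {found if found else 'none'}")
```

An empty result means the list offers no DHE key exchange, which is the condition the advisory cites for not being affected.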

Status:

  • PowerSchool Learning systems were not vulnerable.
  • All CloudFlare systems were not vulnerable.