Userlevel 2
CVE-2015-4000 "LogJam" issue is due to the TLS protocol 1.2 and earlier not properly conveying a DHE_EXPORT choice when a DHE_EXPORT ciphersuite is enabled on a server but not on a client. This allows man-in-the-middle attackers to conduct cipher-downgrade attacks.

Extreme Networks response to CVE-2015-4000 "LogJam" vulnerability is available at the following url:

0 replies

Be the first to reply!