FREAK

CVE identifier(s): CVE-2015-0204 (OpenSSL), CVE-2015-1637 (Schannel), CVE-2015-1067 (Secure Transport)
Date discovered: March 3, 2015
Discoverer: IMDEA Software Institute, INRIA, Microsoft Research
Affected software: Client TLS libraries (including OpenSSL, Schannel and Secure Transport)

FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or fewer (so-called RSA EXPORT keys), with the intention of allowing them to be broken easily by the National Security Agency (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known Number Field Sieve algorithm, with as little as $100 of cloud computing services. Combined with the ability of a man-in-the-middle attack to manipulate the initial cipher suite negotiation between the endpoints in the connection and the fact that the finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.

Vulnerability

The flaw was found by researchers from IMDEA Software Institute, INRIA and Microsoft Research. The FREAK attack in OpenSSL has the identifier CVE-2015-0204.

Vulnerable software and devices included Apple's Safari web browser, the default browser in Google's Android operating system, Microsoft's Internet Explorer, and OpenSSL. Microsoft has also stated that its Schannel implementation of transport-layer encryption is vulnerable to a version of the FREAK attack in all versions of Microsoft Windows. The CVE ID for Microsoft's vulnerability in Schannel is CVE-2015-1637. The CVE ID for Apple's vulnerability in Secure Transport is CVE-2015-1067.

Sites affected by the vulnerability included the US federal government websites fbi.gov, whitehouse.gov and nsa.gov, with around 36% of HTTPS-using websites tested by one security group shown as being vulnerable to the exploit. Based on geolocation analysis using IP2Location LITE, 35% of vulnerable servers are located in the US.

Press reports of the exploit have described its effects as "potentially catastrophic" and an "unintended consequence" of US government efforts to control the spread of cryptographic technology.

As of March 2015, vendors were in the process of releasing new software that would fix the flaw. On March 9, 2015, Apple released security updates for both iOS 8 and OS X operating systems which fixed this flaw. On March 10, 2015, Microsoft released a patch which fixed this vulnerability for all supported versions of Windows (Server 2003, Vista and later). Google Chrome 41 and Opera 28 have also mitigated this flaw. Mozilla Firefox is not vulnerable to this flaw.

The research paper explaining this flaw was published at the 36th IEEE Symposium on Security and Privacy and received the Distinguished Paper award.

See also

BEAST (computer security)
BREACH (security exploit)
CRIME (security exploit)
Logjam (computer security)
POODLE
Server-Gated Cryptography

External links

https://www.smacktls.com/
https://web.archive.org/web/20150304002021/https://freakattack.com/
https://tools.keycdn.com/freak/
https://infogr.am/https_sites_that_support_rsa_export_suites
http://www.sitemeer.com/ (Archived 2015-03-15 at archive.today)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.