Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Responds to CVE-2015-0204: FREAK Vulnerability

It seems that in recent history, the SSL library continues to give security teams plenty of opportunities to interface with systems/application administrators and vendors to upgrade SSL in their environments. The latest vulnerability to impact SSL is CVE-2015-0204, known in the media as "FREAK," short for Factoring RSA EXPORT Keys. FREAK can facilitate a man-in-the-middle attack and force a browser to export a weak 512-bit key, which can be factored in just a few hours. On January 8, 2015, Openssl.org posted the vulnerability with a severity of Low in its security advisory. However, this vulnerability has gained attention most recently when a Washington Post article cited a former U.S. government policy that forbade the export of strong encryption. While this issue impacts all versions of OpenSSL, other software titles that do not properly handle the use of weak algorithms could also be affected. A fix for FREAK in OpenSSL is available as of OpenSSL v1.0.2. Other vendors are also making SSL updates available.

SecurityCenter dashboard

While OpenSSL is prevalent and the impact to operations teams can be significant, there is no reason to freak out; Tenable already has you covered! A SecurityCenter Continuous View™ SSL Discovery dashboard is available for tracking SSL usage in your environment. We have updated the components to specifically call out CVE-2015-0204 to make it even easier to track its impact and remediation.

SSL Discovery SSL Freak

Nessus plugins

When you scan your environment for FREAK utilizing Nessus®, be sure to look at these plugins:

  • 26928: SSL Weak Cipher Suites Supported
  • 81606: SSL/TLS RSA-EXPORT <= 512-bit Cipher Suites Supported (FREAK) (newly released)

As always, you can also search for CVE-2015-0204 on our Nessus Plugins page to find the latest Nessus plugins.

This blog will be updated as events warrant.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.