MS KB3046015: Vulnerability in Schannel Could Allow Security Feature Bypass (FREAK)

Medium Nessus Plugin ID 81652


This plugin has been deprecated.


The remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to its support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites, whose keys can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic.


Apply the recommended workarounds specified by Microsoft.

Plugin Details

Severity: Medium

ID: 81652

File Name: smb_kb3046015.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2015/03/05

Modified: 2017/08/30

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Vulnerability Publication Date: 2015/01/08

Reference Information

CVE: CVE-2015-1637

BID: 72965

OSVDB: 119106

MSKB: 3046015