Security Bug Report

Sumit Jain smtjain211 at gmail.com
Thu Aug 13 05:08:50 EDT 2015


*Hello Security,I would like to report a security issue in your Website. *
*Vulnerable link : **http://pidgin.im/ <http://pidgin.im/>*
*Vulnerability Name : Logjam Vulnerability(Support Weak Diffie-Hellman Key
Exchange parameter ) *
*Server HostName : rock.pidgin.im <http://rock.pidgin.im>*

*Details About the vulnerability :- *

*The above server support Diffie-Hellman Key Exchange Parameter , Which is
Weak*

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits (p: 128, g: 128,
Ys: 128)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits (p: 128, g: 128,
Ys: 128)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 128, Ys:
128)
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 1024 bits (p: 128, g:
128, Ys: 128)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits (p: 128, g: 128,
Ys: 128)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits (p: 128, g: 128,
Ys: 128)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 128, Ys:
128)
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)   DH 1024 bits (p: 128, g:
128, Ys: 128)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits (p: 128, g: 128,
Ys: 128)



*The Logjam Attack : *Diffie-Hellman key exchange
<https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange> is a
popular cryptographic algorithm that allows Internet protocols to agree on
a shared key and negotiate a secure connection. It is fundamental to many
protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on
TLS.

Please Fix this and let me know
Thank You
Best Regards
Sumit Jain
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20150813/e89d3469/attachment.html>


More information about the security mailing list