“FREAK” -- Factoring attack on RSA-EXPORT Keys

FREAK attack allows an attacker to intercept the SSL/TLS traffic between the vulnerable client & server and force them to use week encryption, typically Export Grade encryption (i.e, 512 bit RSA key exchange), which an attacker can break and steal the confidential data.

FREAK attack was announced on March 3, 2015 and was discovered by Karthikeyan Bhargavan at INRIA in Paris. The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a servezr that accepts “export-grade” encryption.

Vulnerable TLS Clients-

OpenSSL - Versions before 1.0.1

Vulnerable Web Browsers-

Chrome- Versions before 41

Android Browsers - Vulnerable as they rarely gets updates

Acknowledgements -