Threat Update | Logjam Vulnerability

May 20, 2015

What is Logjam?

Logjam is a browser and website encryption vulnerability that allows attackers to view encrypted content by downgrading security connections.

How does this vulnerability work?

When websites and mail servers attempt to communicate security with end users many of them do what is known as a Diffie-Hellman key exchange in an attempt to establish an encrypted connection. The Logjam attack allows man-in-the-middle attackers to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This downgraded connection would make it possible for hackers to decrypt the traffic.

Herjavec Group has not seen reports of hackers leveraging this technique to date.

We recommend that HTTPS services utilize at minimum a 1024- bit key.
A patch has been released for Internet Explorer and more are forthcoming for other browsers. Please ensure your organization is using the latest version of your applicable browser. Herjavec Group will continue to monitor this vulnerability and notify our customers of appropriate developments.

A free SSL Qualys test can be leveraged to monitor susceptibility of a server or domain to the latest SSL vulnerabilities:
In addition, the following assessment can be completed focusing specifically on the Logjam vulnerability:


Stay Informed 

  rhsm-3  Follow us on Twitter

  rhsm-2  Connect with us on LinkedIn

*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.

About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn