FREAK (Factoring Attack on RSA-EXPORT Keys, CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers.
Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export-grade ciphers. An attacker acting as a man-in-the-middle (MiTM) could factor the weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS traffic. This issue has been dubbed the "FREAK" (Factoring Attack on RSA-EXPORT Keys) attack.
The VersionOne application was not impacted by the FREAK Vulnerability. Our Content Delivery Vendor, Instart Logic, is also not vulnerable to the FREAK attack as their network is configured to disable these weak encryption protocols. VersionOne also tested and confirmed that all origin servers are not vulnerable to the FREAK attack.
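
One way to script a server-side check of the kind described above, as an added example (not VersionOne's or Instart Logic's own test procedure): it classifies the first TLS record a server sends back to a ClientHello that offered only RSA_EXPORT suites. The function names and the sample records are constructed for illustration.

```python
import struct

# IANA code points of the RSA_EXPORT cipher suites (512-bit temporary RSA keys).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def classify_reply(record: bytes) -> str:
    """Classify the first TLS record sent in reply to an export-only ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record body")
    if ctype == 21 and length == 2:          # alert: level, description
        return f"rejected (alert {body[1]})"
    if ctype != 22 or length < 4 or body[0] != 2:
        raise ValueError("expected a ServerHello or an alert")
    hello = body[4:]                         # skip msg_type(1) + length(3)
    if len(hello) < 35:                      # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    offset = 35 + hello[34]                  # skip the session id
    if len(hello) < offset + 2:
        raise ValueError("truncated ServerHello")
    (suite,) = struct.unpack("!H", hello[offset:offset + 2])
    if suite in RSA_EXPORT_SUITES:
        return f"export suite accepted: {RSA_EXPORT_SUITES[suite]}"
    return f"non-export suite selected: 0x{suite:04x}"

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (TLS 1.0, zeroed random) for testing."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!H", suite) + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed sample: fatal alert, handshake_failure (40).
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"

if __name__ == "__main__":
    for rec in (SAMPLE_ALERT, build_server_hello(0x0003), build_server_hello(0x002F)):
        print(classify_reply(rec))
```

A server that has export suites disabled answers such a ClientHello with a handshake_failure alert, which the function reports as rejected.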