A summary:
The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptogrpahy, which can then be decrypted.
A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204. Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.
It also includes a list of vulnerable websites, including sites like mit.edu, groupon.com, marriott.com, and americanexpress.com (!).
Back in the day, Microsoft stored passwords in a fairly insecure format. Then they got security religion, and improved the strength of their password storage dramatically. It was very hard to crack the new format. (I don't remember exactly, but this would have been somewhere around when NT came out.)
But Microsoft was always big on backward compatibility. They wanted users of old machines to still be able to log in to the new servers. So they stored the passwords in the new, strong format, and in the old, weak format, so that they could still authenticate old clients. And that meant that attackers could still get the passwords in the weak format if they could get on the server.
This is from memory, and it's been over a decade, so I may not have all the details exactly correct...
http://blog.cryptographyengineering.com/2015/03/attack-of-we...
Here it is: https://www.smacktls.com
Is this true? Both Chrome on my mobile device and on my laptop show as vulnerable on freakattack.com. Both have outstanding updates[1]; however, if only mean the latest version is not vulnerable, I feel like the message that we need to send the layman is "update, now (and really, always)" not "is not vulnerable"
[1] which Chrome wasn't able to actually download earlier, but all seems good now.
This is all OpenSSL has to say about it;
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-
export RSA key exchange ciphersuite. A server could present a weak
temporary key and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
Also, that CVE is from Jan 8, 2015, while this is claiming to be a new issue disclosed today. I've seen no mention on the oss-security list of "FREAK", so something is borked with this disclosure if it is a new vulnerability...
Haha, the irony. I guess it now proves to NSA why they are also vulnerable when they mandate backdoors in common software.