SSL Freak Vulnerability Scanner
Check your SSL/TLS configuration for FREAK vulnerability. Ensure your server does not support export-grade RSA keys.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 20 seconds
Time Interval: 1 month 4 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
What is SSL FREAK Vulnerability?
SSL FREAK (Factoring Attack on RSA-EXPORT Keys) is a vulnerability that lets attackers exploit weak export-grade RSA keys in SSL/TLS configurations. These export keys, originally introduced to comply with cryptographic export restrictions that are now outdated, are intentionally weaker (512 bits) and can be cracked by attackers to decrypt secure communications.
The FREAK attack occurs when a server accepts export-grade RSA keys and an attacker forces a client-server connection to use these weaker keys. Once the weak keys are factored, the attacker can decrypt sensitive data, such as session cookies or login credentials, sent over the connection.
Mitigating FREAK involves disabling support for export-grade ciphers on servers, ensuring clients reject weak keys, and upgrading SSL/TLS configurations to prioritize modern, secure encryption standards.
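To confirm that export-grade ciphers are really disabled, a check can offer the server only RSA_EXPORT suites and inspect the first TLS record it sends back. The sketch below is an added example, not this scanner's own code: it covers only the reply-parsing step, offline. The function names and sample bytes are constructed for illustration; the three suite IDs are the RSA_EXPORT suites defined in RFC 2246.

```python
import struct

# RSA_EXPORT suite IDs defined in RFC 2246 (TLS 1.0).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def classify_reply(data: bytes):
    """Classify the first TLS record sent in reply to an export-only ClientHello.

    Returns (verdict, detail); verdict is one of export-accepted, refused,
    other-suite, inconclusive. (Hypothetical helper, not a library API.)
    """
    if len(data) < 5:
        return ("inconclusive", "truncated record header")
    rec_type, _version, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if len(body) < rec_len:
        return ("inconclusive", "truncated record body")
    if rec_type == 0x15 and rec_len >= 2:  # alert record: level, description
        return ("refused", "alert %d" % body[1])
    if rec_type != 0x16 or rec_len < 39 or body[0] != 0x02:
        return ("inconclusive", "not a ServerHello")
    # handshake header (4) + server_version (2) + random (32) precede session_id
    offset = 39 + body[38]
    if rec_len < offset + 2:
        return ("inconclusive", "truncated ServerHello")
    (suite,) = struct.unpack("!H", body[offset:offset + 2])
    if suite in RSA_EXPORT_SUITES:
        return ("export-accepted", RSA_EXPORT_SUITES[suite])
    return ("other-suite", "0x%04x" % suite)

def sample_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed input: a minimal TLS 1.0 ServerHello record, no extensions."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += struct.pack("!HB", suite, 0)  # cipher suite, null compression
    handshake = b"\x02" + struct.pack("!I", len(hello))[1:] + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"  # constructed: fatal handshake_failure (40)

if __name__ == "__main__":
    print(classify_reply(sample_server_hello(0x0003)))
    print(classify_reply(SAMPLE_ALERT))
```

A verdict of export-accepted means the server still negotiates an export-grade RSA suite and its cipher configuration needs tightening; refused is the expected result once those suites are disabled.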