New Tls Vulnerability (logjam)

100

Please fix this new TLS vulnerability in Safepay and the SSL-Scan Web protection.

Test site: https://weakdh.org

Thank you very much!

Nesivos

Please fix this new TLS vulnerability in Safepay and the SSL-Scan Web protection.

Test site: https://weakdh.org

Thank you very much!

As of this post all major browsers are vulnerable to Logjam

Hopefully fixes will out shortly

100

OpenSSL.org has fixed the "LogJam Attack" vulnerability. https://www.openssl.org/news/secadv_20150611.txt

Please integrate this fix.

Nesivos

OpenSSL.org has fixed the "LogJam Attack" vulnerability. https://www.openssl.org/news/secadv_20150611.txt

Please integrate this fix.

Just clicked on the link weakdh.org that you entered in your OP. I am using Firefox 38.0.6

Good News! Your browser is safe against the Logjam attack.

Same result with BDIS 2015 and BD W8 Security with SSL scan turned on.

I don't see a problem

100

Hm, with Bitdefender 18.22.0.1521 and SSL scan turned on, i get the following results with Internet Explorer 11 on Windows 7 x64 and latest updates on Bitdefender and Windows:

With Bitdefenders Safepay browser I get always (with and without SSL scan turned on): Warning! Your web browser is vulnerable to Logjam and can be tricked into using weak encryption. You should update your browser.

With Firefox I get the same results as with safepay. But I am using an older version of Firefox and therefore only with Sandboxie.

100

Firefox 24.8.1 and Internet Explorer 11 (on Windows 7 x64) are both protected from the LogJam Attack by ESET Smart Security 8 and its SSL scan!

SSL scan on SSL scan off

Nesivos

Hm, with Bitdefender 18.22.0.1521 and SSL scan turned on, i get the following results with Internet Explorer 11 on Windows 7 x64 and latest updates on Bitdefender and Windows:

With Bitdefenders Safepay browser I get always (with and without SSL scan turned on): Warning! Your web browser is vulnerable to Logjam and can be tricked into using weak encryption. You should update your browser.

With Firefox I get the same results as with safepay. But I am using an older version of Firefox and therefore only with Sandboxie.

In W7-SP1 with BDIS 2015 and Scan SSL turned on I am showing Firefox 38.0.6 is protected and IE 11.0.9600.17843 Update Versions 11.0.20 (KB3058515) is vulnerable

In W8.1 with BD W8 Security and Scan SSL turned on I am showing Friefox 38.0.6 is protected and IE 11.0.9600.17842 Update Versions 11.0.20 (KB3058515) is protected

Another reason I prefer BDW8 Security to BDIS 2015.

100

Hm, the difference between BDIS 2015 and BDW8Security ist very interesting. I think/hope, with compatibility update of BDIS 2015 for Win10, the vulnerability will be fixed.

What is your result for IE11 with BDIS 2015 and its SSL scan turned off on Win7SP1? IE11 should shown as protected (see the second screenshot in my post #5).

EDIT for my Post #5, because SSL settings are different (visible in the screenshots there)

from

Hm, with Bitdefender 18.22.0.1521 and SSL scan turned on, i get the following results with Internet Explorer 11 on Windows 7 x64 and latest updates on Bitdefender and Windows:

to

Hm, with Bitdefender 18.22.0.1521 and SSL scan turned on/off, i get the following results with Internet Explorer 11 on Windows 7 x64 and latest updates on Bitdefender and Windows:

cohbraz

In W7-SP1 with BDIS 2015 and Scan SSL turned on I am showing Firefox 38.0.6 is protected and IE 11.0.9600.17843 Update Versions 11.0.20 (KB3058515) is vulnerable

In W8.1 with BD W8 Security and Scan SSL turned on I am showing Friefox 38.0.6 is protected and IE 11.0.9600.17842 Update Versions 11.0.20 (KB3058515) is protected

Another reason I prefer BDW8 Security to BDIS 2015.

I think this may have more to do with Windows 8.1 than BD. As a test, I just checked IE11 on a machine with 8.1 and no extra protection besides Windows Defender, and it came up as safe.

EDIT: Nevermind! It looks like BDIS with SSL Scan enabled can cause browsers to be vulnerable. I should have read the thread more carefully.

100

[...] BDIS with SSL Scan enabled can cause browsers to be vulnerable. [...]

Yes, that's right!

Nesivos

Hm, the difference between BDIS 2015 and BDW8Security ist very interesting. I think/hope, with compatibility update of BDIS 2015 for Win10, the vulnerability will be fixed.

What is your result for IE11 with BDIS 2015 and its SSL scan turned off on Win7SP1? IE11 should shown as protected] (see the second screenshot in my post #5).

EDIT for my Post #5, because SSL settings are different (visible in the screenshots there)

from

to

Hm, with Bitdefender 18.22.0.1521 and SSL scan turned on/off, i get the following results with Internet Explorer 11 on Windows 7 x64 and latest updates on Bitdefender and Windows:

Protected

Nesivos

Yes, that's right!

Sure seems that way.

I did have a related problem on another W7-SP1 computer with BDIS 2015. I use https://quick for my home page. With regard to the computer in question with SSL scan turnd on the webpage in question would not load in Friefox. Firefox blocked it as an unsafe. With SSL scan turned off no problem. The problem was this was not happening on my other W7-SP1 computer with BDIS 2015 nor was it happening on my two W8.1 computers with BDW8 Security.

Anyway I fiddled around with it on the computer that Firefox was blocking the webpage with SSL scan turned on but not blocking it with SSL scan turned off. I did something, unfortunately I can't recall what it was. Then BDIS popped up and said you need to restart your browser to be safe? or something like that. I restarted Firefox and was able to access the webpage in question with SSL scan turned on. It has loaded without any problems since then with SSL Scan turned on in BDIS 2015. Now that I am typing this I recall I had previously had the exact same thing happen on the other W7-SP1 computer with BDIS 2015 and again BDIS popped up asking me to restart Firefox and all has been good since then.

100

I did have a related problem on another W7-SP1 computer with BDIS 2015. I use https://quick for my home page. With regard to the computer in question with SSL scan turnd on the webpage in question would not load in Friefox. Firefox blocked it as an unsafe. With SSL scan turned off no problem.

[...]

Then BDIS popped up and said you need to restart your browser to be safe? or something like that. I restarted Firefox and was able to access the webpage in question with SSL scan turned on. [...]

I think that this was another problem and had to do with the root certificate of Bitdefender in Firefox. There was probably an update of this root certificate.

To protect against the LogJam attack, Bitdefender has to integrate the patch of OpenSSL.org in its SSL proxy:

OpenSSL.org has fixed the "LogJam Attack" vulnerability. https://www.openssl.org/news/secadv_20150611.txt

Maybe it has again to do with the files bdpredir_ssl.dll and bdpredir_ssl_pc.dll (Freak ssl attack) (Klick) of BDIS/BDTS

100

Patched today with update to 18.23.0.1604 (for Internet Explorer and Firefox). Thank you very much!

Both screenshots are showing the result with SSL-scan turned on:

But the Safepay browser is still vulnerable.

Georgia

Hello,

Safepay is safe against the Logjam attack as well.

Please update your Bitdefender, then restart the computer to see the changes.

100

Yes, Safepay is now safe against the LogJam attack too.