The Logjam vulnerability allows a man-in-the-middle attacker to downgrade a vulnerable TLS connection that uses the Diffie-Hellman key exchange to 512-bit export-grade encryption. This allows attackers to read and modify data passed over TLS connections for applications such as web, email, instant messaging (IM), and virtual private networks (VPNs).
Which versions of OpenSSL are affected?
OpenSSL version status:
- OpenSSL 1.0.2 and 1.0.2a are vulnerable.
- OpenSSL 1.0.1 to 1.0.1m are vulnerable.
OpenSSL 1.0.2b, released June 11, 2015, fixes this vulnerability by rejecting handshakes with Diffie-Hellman parameters shorter than 768 bits.
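To check hosts against the list above, the following added example (not code from Zoom or the OpenSSL project) classifies `openssl version` banners by the ranges this article lists. The function names and sample banners are constructed for illustration.

```python
import re

# Vulnerable ranges as listed in this article: branch -> (first, last) letter suffix.
# An empty suffix is the base release, e.g. "1.0.2".
LISTED_VULNERABLE = {
    "1.0.1": ("", "m"),  # 1.0.1 to 1.0.1m
    "1.0.2": ("", "a"),  # 1.0.2 and 1.0.2a
}

_VERSION = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def _suffix_key(suffix):
    # OpenSSL letter releases sort "" < a < ... < z < za < zb ...,
    # so compare by length first, then alphabetically.
    return (len(suffix), suffix)


def parse_version(banner):
    """Split an `openssl version` banner into (branch, letter suffix)."""
    match = _VERSION.search(banner)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {banner!r}")
    return match.group(1), match.group(2)


def is_listed_vulnerable(banner):
    """True if the banner's version falls in a range this article lists."""
    branch, suffix = parse_version(banner)
    if branch not in LISTED_VULNERABLE:
        return False
    first, last = LISTED_VULNERABLE[branch]
    return _suffix_key(first) <= _suffix_key(suffix) <= _suffix_key(last)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = ["OpenSSL 1.0.0", "OpenSSL 1.0.1", "OpenSSL 1.0.1m",
               "OpenSSL 1.0.1e-fips", "OpenSSL 1.0.2a", "OpenSSL 1.0.2b"]
    for banner in samples:
        verdict = "listed as vulnerable" if is_listed_vulnerable(banner) else "not listed"
        print(f"{banner:<22} {verdict}")
```

Distribution packages can carry backported fixes without changing the version letter, so a match means the host needs checking with its vendor, not that it is confirmed vulnerable.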
How does this affect the Zoom client/app?
- Zoom clients using OpenSSL 1.0.0 are not affected by this vulnerability.
How does this affect the Zoom cloud (zoom.us)?
- The Zoom application server running on the Zoom cloud uses OpenSSL 1.0.0 and is not vulnerable.
How does this affect my password?
No cases have been found where user data or credentials have been compromised.
For more information on this article, please refer to Security: Logjam Updates.