LOW: SSL FREAK Report

DESCRIPTION LAST UPDATED:  2024-01-01

DEFAULT SEVERITY LEVEL: LOW

This report identifies hosts that allow the use of SSL/TLS with RSA_EXPORT ciphers (aka “export-grade” encryption).

Hosts with these weakened ciphers can be used in a man-in-the-middle attack, which forces a browser to use a weak export key, which is easily crackable. This is called a FREAK (Factoring RSA Export Keys) attack.

More information on the FREAK attack can be found at https://www.smacktls.com/.

You can track SSL FREAK scan results on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page..

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_ssl_freak, scan6_ssl_freak

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Report tag (SSL)
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • freak_vulnerable
    If "Y", then the device allowed the use of export-grade ciphers and can be used in a FREAK attack
  • freak_cipher_suite
    The export-grade CipherSuite that was able to be negotiated
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date","sha1_fingerprint","cert_serial_number","signature_algorithm","key_algorithm","subject_organization_name","subject_organization_unit_name","subject_country","subject_state_or_province_name","subject_locality_name","subject_street_address","subject_postal_code","subject_surname","subject_given_name","subject_email_address","subject_business_category","subject_serial_number","issuer_organization_name","issuer_organization_unit_name","issuer_country","issuer_state_or_province_name","issuer_locality_name","issuer_street_address","issuer_postal_code","issuer_surname","issuer_given_name","issuer_email_address","issuer_business_category","issuer_serial_number","naics","hostname_source","freak_vulnerable","freak_cipher_suite","sector","sha256_fingerprint","sha512_fingerprint","md5_fingerprint","http_response_type","http_code","http_reason","content_type","http_connection","www_authenticate","set_cookie","server_type","content_length","transfer_encoding","http_date","cert_valid","self_signed","cert_expired","browser_trusted","validation_level","browser_error","tlsv13_support","tlsv13_cipher","raw_cert","raw_cert_chain","jarm","device_vendor","device_type","device_model","device_version","device_sector","page_sha256fp"
"2010-02-10 00:00:00",low,192.168.0.1,tcp,10443,node01.example.com,ssl;ssl-freak;ssl-poodle,TLSv1.0,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,md5WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,,Y,TLS_RSA_EXPORT_WITH_RC4_40_MD5,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,401,Unauthorized,text/html,close,"Basic realm=\"\"SMB\"\"",,,,,"Wed, 10 Feb 2010 00:00:00 GMT",N,Y,Y,N,unknown,,N,,,,,,,,,,49034c43dde10e109111c23b05f98fd537374000916cd0b57bd7307a87478438
"2010-02-10 00:00:01",low,192.168.0.2,tcp,10443,node02.example.com,ssl;ssl-freak;ssl-poodle,TLSv1.0,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,md5WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,certificate,Y,TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,"Arts, Entertainment, and Recreation",E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,200,OK,text/html,,,,"Apache/1.3.28 (Unix) mod_ssl/2.8.15 OpenSSL/0.9.8d",,chunked,"Wed, 10 Feb 2010 00:00:01 GMT",N,Y,Y,N,unknown,,N,,,,,Qno,,,,,b305498323a551c5f25f6929b6a38521b166ae1d1bf84b1c4a68af491c59c19b
"2010-02-10 00:00:02",low,192.168.0.3,tcp,10443,node03.example.com,ssl;ssl-freak;ssl-poodle,TLSv1.0,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,md5WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,ptr,Y,TLS_RSA_EXPORT_WITH_RC4_40_MD5,"Communications, Service Provider, and Hosting Service",E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,401,Unauthorized,text/html,close,"Basic realm=\"\"SMB\"\"",,,,,"Wed, 10 Feb 2010 00:00:02 GMT",N,Y,Y,N,unknown,,N,,,,,,,,,,49034c43dde10e109111c23b05f98fd537374000916cd0b57bd7307a87478438

Our 132 Report Types