The Logjam vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using Diffie-Hellman key exchange to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the TLS connection for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
What versions of OpenSSL are affected?
Status of OpenSSL versions:
- OpenSSL 1.0.2 and 1.0.2a are vulnerable
- OpenSSL 1.0.1 through 1.0.1m are vulnerable
This vulnerability was discovered on 20th of May 2015. OpenSSL 1.0.2b, released on 11th of June 2015, fixes this vulnerability by rejecting handshakes with Diffie-Hellman parameters shorter than 768 bits.
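The size check behind that fix can be illustrated with the following added example, which is not OpenSSL's or Zoom's code. It parses the ServerDHParams structure at the start of a TLS ServerKeyExchange message (RFC 5246, section 7.4.3) and rejects primes below the 768-bit floor; the function names and sample byte strings are constructed for the illustration.

```python
import struct

MIN_DH_BITS = 768  # floor stated above for OpenSSL 1.0.2b


def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams: three 2-byte-length-prefixed integers
    dh_p, dh_g, dh_Ys. Trailing bytes (the signature) are ignored."""
    values, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad {name} length {length}")
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(values)


def check_dh_prime(body: bytes, min_bits: int = MIN_DH_BITS):
    """Return (accepted, prime_bits) for a ServerKeyExchange DH body."""
    p, _g, _ys = parse_server_dh_params(body)
    bits = p.bit_length()  # numeric size: leading zero bytes do not count
    return bits >= min_bits, bits


def _encode(p: int, g: int, ys: int, pad: int = 0) -> bytes:
    """Build a constructed ServerDHParams blob (not captured traffic)."""
    out = b""
    for i, v in enumerate((p, g, ys)):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        if i == 0:
            raw = b"\x00" * pad + raw  # optional zero padding on dh_p only
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample values: odd numbers of the right size, not real primes.
EXPORT_512 = _encode((1 << 511) | 1, 2, 5)
PADDED_512 = _encode((1 << 511) | 1, 2, 5, pad=64)  # 128-byte field, 512-bit value
STRONG_2048 = _encode((1 << 2047) | 1, 2, 5)

if __name__ == "__main__":
    for label, blob in [("export", EXPORT_512), ("padded", PADDED_512), ("2048", STRONG_2048)]:
        print(label, check_dh_prime(blob))
```

The padded sample shows why the check measures the numeric bit length of the prime rather than the length of the field that carries it.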
How does this affect Zoom clients/apps?
- Zoom clients use OpenSSL 1.0.0 and are NOT vulnerable
How does this affect the Zoom cloud (zoom.us)?
- Zoom application servers that run on the Zoom cloud use OpenSSL 1.0.0 and are NOT vulnerable
How does this affect my password?
We have found no reason to believe that any user data or credentials were compromised.