Putting the FREAK (CVE-2015-0204 ) on a Leash

Posted by UpGuard

We know you're sick of updating OpenSSL so we'll keep this short. There is a new SSL vulnerability named FREAK with a published proof of concept. FREAK affects a significant portion of websites, including big names like American Express and the NSA. Like POODLE, FREAK takes advantage of support for legacy cryptographic protocols.
To determine the scope of your exposure to the FREAK attack you need to know what version of OpenSSL is installed on every server. If you've updated since January, you're likely safe. If not, you are likely vulnerable and need to assess the work to be done. With UpGuard's enterprise search that information is trivial to retrieve. Just type in any search term like you would if you were using Google to find a place with good tacos. 

Putting the FREAK (CVE-2015-0204 ) on a Leash
Once you've updated the affected servers you can validate their state the same way. Being able to scope and test your SSL update will save hours and give you confidence that your infrastructure has been secured. Plus, all that information will be available in an auditable timeline when you need to demonstrate compliance. Where is SSL in my system? Right here:

Putting the FREAK (CVE-2015-0204 ) on a Leash

Just as importantly, UpGuard can give you the assurance that your system wasn't comprised before FREAK was made public. UpGuard automatically detects drift anywhere in your system environment. Any changes to packages or files, escalation of user privileges, or any other symptom of intrusion would have been caught and reported in the drift tracking system.

To get the convenience of modern search for your infrastructure, sign up for a free UpGuard demo.

Topics: upguard, policies

UpGuard Customers