FREAK

Discussion in 'Discussion (AdGuard for Windows)' started by pablozi, Mar 7, 2015.

  1. pablozi

    pablozi Beta Tester

    Joined:
    Mar 4, 2014
    Messages:
    13
    Can Adguard expose us to FREAK attack? In fact AG is intercepting TLS connection and tests made by Safegroup members shows that Google Chrome with AG enabled is vurnerable but when HTTPS filtering was disabled browser was safe. Can devs say something more about this?
    https://freakattack.com/clienttest.html
     
  2. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    13,135
    Need some time to check it, thank you!

    ---------- Post added at 02:34 PM ---------- Previous post was at 01:39 PM ----------

    I've checked it and you're right, attack of such type is possible in current version.
    Although possibility is low because vulnerable ciphers are disabled.

    We'll fix it in the next patch.
     
  3. niXta

    niXta Beta Tester

    Joined:
    Jan 19, 2015
    Messages:
    1
  4. vasily_bagirov

    vasily_bagirov Administrator Staff Member Administrator

    Joined:
    Jul 1, 2014
    Messages:
    6,902
    Thanks for mentioning it! We are already aware and it will be fixed by the release time.
     
  5. Boo Berry

    Boo Berry Moderator + Beta Tester Moderator

    Joined:
    May 30, 2012
    Messages:
    3,791
    FYI, this is now fixed in the latest Adguard for Windows beta build. I'm guessing the next OS X beta build might have this fixed too.
     
  6. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    13,135
    I hope this week we'll release new Mac beta fixing all SSL issues we have.