Around two months after the OpenSSL flaw “Heartbleed” shook the internet’s privacy foundations, new vulnerabilities have been discovered in the library.
According to an advisory, an attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited in a man-in-the-middle (MITM) attack in which the attacker decrypts and modifies traffic between the attacked client and server.
While still serious, the attack can only be performed when both the client and the server are vulnerable. The flaw was discovered by Kikuchi Masashi of Lepidum, who said in his advisory that the problem is that OpenSSL accepts ChangeCipherSpec inappropriately during a handshake, and that this bug has existed since the very first release of OpenSSL.
He said: “OpenSSL itself sends ChangeCipherSpec at exactly the right time. However, it accepts ChangeCipherSpec at other times when receiving. Attackers can exploit this behaviour so that they can decrypt and/or modify data in the communication channel.
“The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experience with TLS/SSL implementation. If the reviewers had had enough experience, they should have verified the OpenSSL code in the same way they do their own code. They could have detected the problem.”
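To make the ordering problem concrete, here is an added illustration (not code from the advisory or from OpenSSL): a simplified server-side handshake sequencer that, in lenient mode, accepts ChangeCipherSpec before ClientKeyExchange and therefore derives its session keys from empty premaster material, which a man-in-the-middle can reproduce; in strict mode the out-of-order message is rejected. The PRF stand-in, the `simulate` helper and the constructed premaster value are assumptions of this example, not TLS internals.

```python
import hashlib
import hmac


class HandshakeError(Exception):
    """Raised when a handshake message arrives out of order."""


def derive_master_secret(premaster: bytes) -> bytes:
    # Stand-in for the TLS PRF (constructed for this example, not the real PRF):
    # the only property that matters is that equal input yields equal keys.
    return hmac.new(premaster, b"master secret", hashlib.sha256).digest()


class ServerHandshake:
    """Minimal server-side sequencer tracking only the messages relevant to CCS."""

    def __init__(self, strict: bool):
        self.strict = strict          # True: refuse CCS until key exchange is done
        self.premaster = b""          # empty until ClientKeyExchange is processed
        self.master_secret = None
        self.ccs_received = False

    def on_client_key_exchange(self, premaster: bytes) -> None:
        if self.ccs_received and self.strict:
            raise HandshakeError("ClientKeyExchange after ChangeCipherSpec")
        # Lenient path: the message is processed, but the session keys were
        # already fixed from empty material when the early CCS was accepted.
        self.premaster = premaster

    def on_change_cipher_spec(self) -> bytes:
        if self.strict and not self.premaster:
            raise HandshakeError("ChangeCipherSpec before ClientKeyExchange")
        # Keys come from whatever material is present: empty if CCS came early.
        self.master_secret = derive_master_secret(self.premaster)
        self.ccs_received = True
        return self.master_secret


def simulate(strict: bool, ccs_first: bool, premaster: bytes = b"\x03\x03" + b"\x42" * 46):
    """Run the handshake fragment; return ('ok', master_secret) or ('rejected', reason)."""
    hs = ServerHandshake(strict)
    try:
        if ccs_first:
            hs.on_change_cipher_spec()            # injected, out-of-order CCS
            hs.on_client_key_exchange(premaster)
        else:
            hs.on_client_key_exchange(premaster)  # normal ordering
            hs.on_change_cipher_spec()
    except HandshakeError as exc:
        return ("rejected", str(exc))
    return ("ok", hs.master_secret)
```

The lenient, early-CCS run produces exactly `derive_master_secret(b"")`, a value that depends on no secret from either peer; the strict sequencer refuses the same message sequence outright.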
Ivan Ristic, director of Qualys SSL Labs, said that the vulnerabilities are serious, but will have far less impact than Heartbleed. “The main vulnerability (CVE-2014-0224) is a man-in-the-middle type scenario between two machines running OpenSSL that allows for the decryption of the data sent; in most of our typical communication (browser to web server) we do not have two machines running OpenSSL, because the browser uses a different SSL library.
“So while there are certainly situations where OpenSSL talks to OpenSSL, for example in command line tools, server to server communication and also in Android browsers (Chrome and native), which use OpenSSL, the conditions necessary for exploitation are quite a bit harder to find.”
Steve Pate, chief architect at HyTrust, said he was not surprised that there are a number of newly reported flaws in OpenSSL. “After the Heartbleed bug was announced, one thing we could guarantee was that all eyes would be on the OpenSSL source code, scrutinizing it for issues,” he said.
“I personally feel encouraged that the community has risen to the challenge to ensure that OpenSSL becomes a better product and that issues are found and fixed quickly. What concerns me more is the length of time that vendors will take to apply the patches. As with Heartbleed, we can guarantee that the security-conscious vendors on the web will move fast. However, how many servers and routers are still out there vulnerable to the Heartbleed bug, never mind these new vulnerabilities?”