OpenSSL Flaw Discovered: Patch Now
It's No Heartbleed, But Attackers Could Decrypt, Modify Traffic
Beware of a newly discovered bug in OpenSSL, the open-source implementation of the SSL and TLS protocols that's used to secure data sent between clients and servers. The flaw exists in client versions of OpenSSL, as well as the most recent version for servers, which many organizations adopted to mitigate the Heartbleed vulnerability.
The team behind the OpenSSL Project sounded that warning in a June 5 security alert, noting that all versions of the OpenSSL client produced since the project began in 1998 - and recent versions of their server code - are vulnerable to a man-in-the-middle attack that would force servers and clients to use weak keys, which would allow attackers to decrypt traffic. They've also released new versions of OpenSSL to patch the bugs and security flaws.
The OpenSSL team emphasized that such an attack could only be carried out against both a client and server running vulnerable versions of the software. "OpenSSL clients are vulnerable in all versions of OpenSSL," according to the advisory. "Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1," which were the latest versions. Even so, they recommended that anyone with OpenSSL servers prior to version 1.0.1 "upgrade as a precaution."
One risk is that hackers could launch a MITM attack to not just read encrypted data, but alter it. "There are ways that you can decrypt data, view it, modify it and pass it along encrypted, and neither the client nor the server will be aware," says Nicholas Percoco, vice president of strategic services at security vendor Rapid7. Such an attack could be used, for example, to intercept banking sessions and create fraudulent transactions that still looked legitimate to both the client and server. "As an end user, you have no indication; nothing will pop up to tell you you're being 'man-in-the-middled,'" he says.
The latest version of OpenSSL also patches five other vulnerabilities, some of which could be abused by attackers to create a distributed-denial-of-service attack. A buffer overrun flaw, meanwhile, could be exploited to run arbitrary code on vulnerable machines.
OpenSSL After Heartbleed
OpenSSL has been in the spotlight since the Heartbleed flaw - which allowed attackers to steal private SSL keys as well as VPN session tokens - was first publicly detailed on April 7, 2014. The flaw was present in more recent versions of OpenSSL, which is used to secure millions of websites, as well as built into an untold number of hardware and software products, including many Android apps.
Due to Heartbleed, many businesses upgraded their servers to OpenSSL 1.0.1. That is now the focus of the man-in-the-middle vulnerability alert issued Thursday. Thankfully, the newly disclosed vulnerability is not on a par with Heartbleed. "It's different, because the Heartbleed flaw was a direct attack against a server that was vulnerable," Percoco says.
Furthermore, while many OpenSSL servers are vulnerable to this MITM attack, there are mitigating factors. "In spite of the fact that OpenSSL is wildly popular on servers, most browsers and tools a user uses have their own crypto libraries they use, which likely negates the vulnerability," says Jose Nazario, chief scientist at security product company Invincea. "That said, tons of stuff behind the scenes occurs that does use OpenSSL clients and servers, such as machine-to-machine Web API calls or data shuttling, including e-mail (SMTP+STARTTLS). So there is a bunch of potential exposure for data here if an attacker gets to MITM the right spot."
Heartbleed Drives Bug Discovery
The new MITM vulnerability was discovered by Japanese security researcher Masashi Kikuchi. Inspired by the Heartbleed flaw, he took a close look at the OpenSSL code base for other potential problems, and to his surprise quickly discovered another flaw. He then reported it to Japan's Computer Emergency Response Team, which shared the information with the OpenSSL Project on May 1. The project then took a month to prepare, test and ship a patch that it says is based on a fix that Kikuchi developed.
From a security and reliability standpoint, the fact that security researchers like Kikuchi are hammering away on OpenSSL is good, because it will help make the widely used code base even more secure. Expect further improvements via the recently launched Core Infrastructure Initiative, through which a number of leading technology firms - including Amazon Web Services, Cisco, Dell, Facebook, Google, HP and Microsoft, among others - will be directly funding the development of critical open source tools, including OpenSSL.
Thankfully, these sorts of large-scale man-in-the-middle vulnerabilities aren't common. Rapid7's Percoco estimates that over the past decade, they've only come along about once per year. For example, back in 2011, he and fellow security researcher Paul Kehrer demonstrated at the annual summertime Def Con conference in Las Vegas how attackers could craft fake SSL certificates to intercept traffic from devices running Apple iOS 4.3.5. "The vulnerability allowed you to intercept any communication, very similar to the newly disclosed OpenSSL vulnerability, except that it only affected the iPhone population," Percoco says.
Avoid 'Heartbleed Removers'
To patch the newly discovered vulnerabilities, anyone running OpenSSL on a client or server should upgrade to the latest version, available via the OpenSSL Project site.
At the same time, beware of ongoing phishing e-mails and social-engineering attacks that are attempting to trick people into installing fake fixes, for example in the form of so-called "Heartbleed removal" tools. "Some hackers are trying to convince potential victims that Heartbleed can be 'uninstalled' from their computers," Gary Davis of security vendor McAfee says in a recent blog post. "They're doing this by sending out e-mails loaded with a 'Heartbleed remover' tool attachment, which is really just a cleverly disguised package of malicious software."