New OpenSSL vulnerability puts encrypted communications at risk of spying

The flaw allows man-in-the-middle attackers to decrypt traffic between clients and servers that use OpenSSL

A newly discovered vulnerability that allows spying on encrypted SSL/TLS communications has been identified and fixed in the widely used OpenSSL library.

The vulnerability, which is being tracked as CVE-2014-0224, can be exploited to decrypt and modify SSL (Secure Sockets Layer) and TLS (Transport Layer Security) traffic between clients and servers that use OpenSSL, if the version of the library on the server is 1.0.1 or newer.

In order to pull off a successful attack, the attacker would first need to be able to intercept connections between a targeted client and a server. This is known as a man-in-the-middle (MitM) position and can be gained on insecure wireless networks, by hacking into routers or by using other methods.

The security flaw was discovered by Masashi Kikuchi, a researcher from Japanese IT consulting company Lepidum, and was patched in OpenSSL 0.9.8za, 1.0.0m and 1.0.1h released Thursday. These new versions also address three denial-of-service issues and a remote code execution vulnerability when the library is used for Datagram Transport Layer Security (DTLS) connections.

The man-in-the-middle attack is possible because OpenSSL accepts ChangeCipherSpec (CCS) messages inappropriately during a TLS handshake, Kikuchi said in a blog post. These messages, which mark the change from unencrypted to encrypted traffic, must be sent at specific times during the TLS handshake, but OpenSSL accepts CCS messages at other times as well, Kikuchi said.

The problematic code has existed since at least OpenSSL 0.9.1c, which was released in December 1998, so the bug is over 15 years old, Adam Langley, a senior software engineer at Google, said in an analysis of the issue posted on his personal blog.

According to a security advisory published Thursday by the OpenSSL developers, OpenSSL-based clients are vulnerable regardless of the version used, but servers are only vulnerable if they run OpenSSL 1.0.1x and 1.0.2-beta1.

A change made in OpenSSL 1.0.1 to correct a different issue interacts badly with the CCS bug and enables attacks against servers using that version of the library, Langley said. If the server uses OpenSSL 1.0.1 or later "it's possible for the attacker to decrypt and/or hijack the connection completely," he said.

OpenSSL 1.0.1 was released in March 2012 and according to Ivan Ristic, who runs the SSL Labs at security vendor Qualys, around 24 percent of SSL servers currently use this version.

"The good news is that these attacks need man-in-the-middle position against the victim and that non-OpenSSL clients (IE, Firefox, Chrome on Desktop and iOS, Safari etc.) aren't affected," Langley said. "None the less, all OpenSSL users should be updating."

However, even if the major browsers are not vulnerable because they have their own SSL/TLS implementations, a lot of other software does rely OpenSSL, including mobile applications.

The CCS problem is easy to exploit if the conditions are right and, although the impact is nowhere near that of the Heartbleed vulnerability announced in April, there is some significant attack surface, Ristic said via email.

"One of the worst attacks could be against VPN connections based on SSL/TLS, provided they are running vulnerable OpenSSL code," he said. "Attacks against automated systems could also be interesting; they could be used to obtain connection passwords."

Ristic doesn't think that server administrators and software developers will rush to upgrade OpenSSL with the same speed as they did when the Heartbleed flaw was announced. That vulnerability, which allowed attackers to extract sensitive information including encryption keys and passwords from the memory of SSL servers and clients, could have easily been exploited widely.

Since exploiting the CCS vulnerability requires an MitM position "it's unlikely to be used at scale, but it might be very useful for targeted attacks," Ristic said.

Unfortunately, "the regular user can't do anything to safeguard their data, other than putting critical information transfer on hold until the issue is resolved server side," Bogdan Botezatu, a senior e-threat analyst at Bitdefender said via email regarding this new OpenSSL vulnerability. "It is important to bear in mind that man-in-the-middle attacks -- because of their nature -- are completely undetectable to both the user and automated traffic inspection technologies."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityGoogledata protectionencryptiononline safetybitdefenderqualysExploits / vulnerabilitiesLepidum

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?