OpenSSL MITM CCS vulnerability and its impact
Within weeks of the infamous Heartbleed vulnerability in one of the world’s most commonly used open-source software OpenSSL, more vulnerabilities have been found in OpenSSL. One of the reasons for this is that developers of OpenSSL and others are having a closer look at the OpenSSL code following the discovery of Heartbleed. Yesterday, OpenSSL came up with a security advisory detailing seven vulnerabilities and has released versions fixing these vulnerabilities. While many of them relate to the prevalence of DDoS attacks – dangerous though DDoS attacks are, they don’t make one lose one’s sensitive data – one of the vulnerabilities ( CVE-2014-024) allows a hacker to launch a MITM (man in the middle attack) and snoop on unencrypted data. The hacker can thus look at sensitive data in the clear, beating OpenSSL’s encryption. The impact is enormous.
To summarize, unlike in the case of Heartbleed where even if either client or server uses OpenSSL, the whole connection would be vulnerable, in this case, both OpenSSL Client and Server have to be vulnerable for exploiting this vulnerability. There being the huge number of other devices using OpenSSL — routers, standalone devices, VPN clients, wifi access points (AP), etc — the vulnerability is important enough.
Briefly, vulnerability is the following. Because of a flaw in OpenSSL implementation, it is possible to launch a man-in-the-middle attack by sending a CCS ( ChangeCipheSpec) request, a single packet to both client and server that forces them to have a zero-length pre-master key. Using this master key, all data can then be easily decrypted and snooped.
All OpenSSL client versions are vulnerable. As to the OpenSSL server, only 1.0.1 and 1.0.2 are vulnerable. OpenSSL recommends however that everyone update their clients and servers. And new versions of OpenSSL have been made available Here are the details for the upgrade:
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
The best fix for the above then is to upgrade all OpenSSL clients and servers with the above versions that apply. In case you are Indusface customer protecting your website using Indusface WAF, there is a better solution. Indusface WAF has been upgraded to run a version of OpenSSL that has fixed this vulnerability. Since, for this vulnerability to be exploited, both client and server have to be vulnerable, an Indusface WAF that works like a proxy in the middle emulates a server for the client and hence you would be secure.
Of course, you would have to upgrade your OpenSSL clients too so that they are secure when accessing other OpenSSL servers that may be vulnerable.