http://arstechnica.com/security/2014/06/still-reeling-from-heartbleed-openssl-suffers-from-crypto-bypass-flaw/
By Dan Goodin
Ars Technica
June 5, 2014
A researcher has uncovered another severe vulnerability in the OpenSSL
cryptographic library. It allows attackers to decrypt and modify Web,
e-mail, and virtual private network traffic protected by the transport
layer security (TLS) protocol, the Internet's most widely used method for
encrypting traffic traveling between end users and servers.
The TLS bypass exploits work only when traffic is sent or received by a
server running OpenSSL 1.0.1 or 1.0.2-beta1, maintainers of the
open-source library warned in an advisory published Thursday. The advisory
went on to say that servers running a version earlier than 1.0.1 should
update as a precaution. The vulnerability has existed since the first
release of OpenSSL, some 16 years ago. Library updates are available on
the front page of the OpenSSL website. People who administer servers
running OpenSSL should update as soon as possible.
The underlying vulnerability, formally cataloged as CVE-2014-0224, resides
in the ChangeCipherSpec processing, according to an overview published
Thursday by Lepidum, the software developer that discovered the flaw and
reported it privately to OpenSSL. It makes it possible for attackers who
can monitor a connection between an end user and server to force weak
cryptographic keys on client devices. Attackers can then exploit those
keys to decrypt the traffic or even modify the data before sending it to
its intended destination.
"OpenSSL's ChangeCipherSpec processing has a serious vulnerability," the
Lepidum advisory stated. "This vulnerability allows malicious intermediate
nodes to intercept encrypted data and decrypt them while forcing SSL
clients to use weak keys which are exposed to the malicious nodes. There
are risks of tampering with the exploits on contents and authentication
information over encrypted communication via web browsing, e-mail and VPN,
when the software uses the affected version of OpenSSL."
Client devices are vulnerable no matter what older version of OpenSSL they
are running. As stated earlier, servers are vulnerable when running 1.0.1
and 1.0.2-beta1, according to an accompanying OpenSSL advisory. The
attacks are possible only when both sides are running a vulnerable OpenSSL
version.
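The article says the flaw sits in ChangeCipherSpec processing and lets an intermediary force weak keys. The toy model below is an added illustration, not code from the article, Lepidum or OpenSSL: it shows the general design lesson that a protocol state machine must reject a ChangeCipherSpec that arrives before the key exchange has completed. The names (HandshakeState, run_handshake, key_is_predictable), the sample message flows and the HMAC-SHA256 stand-in for TLS key derivation are all assumptions of this example; real TLS derives keys differently.

```python
# Toy model of the TLS handshake state around ChangeCipherSpec (CCS).
# Added illustration only; not OpenSSL's code. HMAC-SHA256 stands in for
# the real TLS key derivation.
import hashlib
import hmac


class HandshakeError(Exception):
    """Raised when a handshake message arrives out of order."""


class HandshakeState:
    def __init__(self, strict: bool):
        # strict=True: CCS is only accepted after a completed key exchange.
        self.strict = strict
        self.master_secret = b""  # empty until ClientKeyExchange is processed
        self.record_key = None

    def derive_record_key(self) -> bytes:
        # Whatever secret is present at CCS time is used; an empty secret
        # yields a key that anyone on the path can compute.
        return hmac.new(self.master_secret, b"key expansion", hashlib.sha256).digest()

    def process(self, message: str, payload: bytes = b"") -> None:
        if message == "ClientKeyExchange":
            # Stand-in for turning the premaster secret into a master secret.
            self.master_secret = hashlib.sha256(payload).digest()
        elif message == "ChangeCipherSpec":
            if self.strict and not self.master_secret:
                raise HandshakeError("ChangeCipherSpec before key exchange completed")
            self.record_key = self.derive_record_key()
        else:
            raise HandshakeError(f"unexpected message {message!r}")


def run_handshake(strict: bool, messages) -> bytes:
    """Feed a constructed message sequence to the state machine and return
    the record key it ends up using (or raise HandshakeError)."""
    state = HandshakeState(strict)
    for name, payload in messages:
        state.process(name, payload)
    return state.record_key


# Constructed sample flows (not captured traffic).
NORMAL_FLOW = [
    ("ClientKeyExchange", b"constructed premaster secret"),
    ("ChangeCipherSpec", b""),
]
EARLY_CCS_FLOW = [
    ("ChangeCipherSpec", b""),
    ("ClientKeyExchange", b"constructed premaster secret"),
]

# The key a lenient endpoint derives when CCS is processed with no secret.
PREDICTABLE_KEY = hmac.new(b"", b"key expansion", hashlib.sha256).digest()


def key_is_predictable(key: bytes) -> bool:
    """True when the record key equals the one derived from an empty secret,
    i.e. a key that needs no knowledge of the peer's secret to compute."""
    return hmac.compare_digest(key, PREDICTABLE_KEY)


if __name__ == "__main__":
    good = run_handshake(strict=True, messages=NORMAL_FLOW)
    print("normal order, strict: predictable =", key_is_predictable(good))
    weak = run_handshake(strict=False, messages=EARLY_CCS_FLOW)
    print("early CCS, lenient:   predictable =", key_is_predictable(weak))
    try:
        run_handshake(strict=True, messages=EARLY_CCS_FLOW)
    except HandshakeError as exc:
        print("early CCS, strict:    rejected:", exc)
```

The lenient state machine accepts the early ChangeCipherSpec and locks in a key derived from an empty secret; the later key exchange no longer changes the key in use. The strict variant rejects the out-of-order message, which is the property a patched implementation must provide and the reason both endpoints need the update.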
[...]