SSL - a FREAKishly long existence
SSL, widely adopted and living on borrowed time, has clearly had a rough year. After Heartbleed, POODLE and many other high-profile vulnerabilities comes FREAK (Factoring attack on RSA-EXPORT Keys), which, at the time this blog was published, breaks approximately 36% of all browser-trusted sites (as per this link), including websites belonging to the NSA and FBI. About 12% of high-ranking Alexa websites are also believed to be vulnerable to the flaw at this time, placing visitors to those sites at high risk.
Exposure and Impact
The vulnerability, discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team, allows an active attacker to perform a man-in-the-middle attack by downgrading the encrypted connection between a vulnerable client and a server that still accepts export-grade RSA to a 512-bit RSA key. The captured 512-bit key can then be factored using the public cloud in a matter of hours, and the result used to decrypt the communication between the client and the server. Once the key has been compromised, all personal information exchanged over that connection, such as passwords and financial data, is at risk.
The origin of the vulnerability lies in the cryptographic export restrictions imposed by the U.S. government in the 1990s. The restrictions have since been eased, but the backdoor of weak, export-grade encryption has lingered on in software. In the early 1990s, breaking 512-bit RSA required resources beyond the reach of the average attacker. Given the meteoric rise in computing power, coupled with the rapid reduction in its cost, breaking 512-bit RSA today is no longer considered daunting. Having cryptographic backdoors has backfired once again and has serious implications for the security of the Internet.
Vulnerable servers and clients are those that either offer the RSA_EXPORT cipher suites or use a version of OpenSSL that is vulnerable to CVE-2015-0204, the CVE identifier assigned to the SSL FREAK vulnerability.
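As an added example (not code from the Websense post), here is the defender-side check the two paragraphs above imply: parse a server's ServerHello and RSA_EXPORT ServerKeyExchange and flag an export-grade suite or a temporary RSA key of 512 bits or less. The cipher suite identifiers are the RSA_EXPORT values from RFC 2246 appendix A.5; the handshake records fed to it are constructed samples, not captured traffic.

```python
import struct

# RSA_EXPORT suite IDs from RFC 2246 appendix A.5 (the FREAK-relevant subset of the export suites).
EXPORT_SUITES = {0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5", 0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
                 0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}

def parse_handshake(record):
    """Split one TLS handshake record (type 22) into (handshake_type, body)."""
    ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
    hs_len = int.from_bytes(record[6:9], "big")
    if ctype != 22 or rlen != len(record) - 5 or 9 + hs_len > len(record):
        raise ValueError("not a well-formed TLS handshake record")
    return record[5], record[9:9 + hs_len]

def server_hello_suite(record):
    """Chosen suite: version(2) + random(32) + session_id<1..> + cipher_suite(2)."""
    hs_type, body = parse_handshake(record)
    if hs_type != 2:
        raise ValueError("not a ServerHello")
    off = 35 + body[34]
    return struct.unpack("!H", body[off:off + 2])[0]

def rsa_ske_modulus_bits(record):
    """Bit length of rsa_modulus in an RSA_EXPORT ServerKeyExchange (RFC 2246 section 7.4.3)."""
    hs_type, body = parse_handshake(record)
    if hs_type != 12:
        raise ValueError("not a ServerKeyExchange")
    mod_len = struct.unpack("!H", body[:2])[0]
    return int.from_bytes(body[2:2 + mod_len], "big").bit_length()

def freak_findings(server_hello, server_kex=None):
    """Defender-side checks: an export suite, or a temporary RSA key of 512 bits or less."""
    findings = []
    suite = server_hello_suite(server_hello)
    if suite in EXPORT_SUITES:
        findings.append(f"export suite negotiated: {EXPORT_SUITES[suite]} (0x{suite:04x})")
    if server_kex is not None and (bits := rsa_ske_modulus_bits(server_kex)) <= 512:
        findings.append(f"temporary RSA key is only {bits} bits")
    return findings

def sample_record(hs_type, body):
    """Constructed TLS 1.2 handshake framing for the samples below (not captured traffic)."""
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs
def sample_server_hello(suite):
    return sample_record(2, b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00")
def sample_rsa_ske(modulus_bits):
    modulus = ((1 << (modulus_bits - 1)) | 1).to_bytes(modulus_bits // 8, "big")
    params = struct.pack("!H", len(modulus)) + modulus + b"\x00\x03\x01\x00\x01"  # e = 65537
    return sample_record(12, params + b"\x00\x00")  # empty signature field, constructed
```

Run the same two functions over records pulled from a packet capture of your own servers to confirm that no export suite is ever negotiated and no RSA ServerKeyExchange appears at all.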
OpenSSL issued a patch addressing the vulnerability in January 2015. Several other vendors are in the process of releasing patches for the vulnerability. We strongly recommend applying patches as soon as they become available.
Websense® researchers are not aware of active exploitation of this vulnerability at the time of publication of this blog, although man-in-the-middle attacks are commonly used in targeted attacks on journalists and high-profile international visitors, as well as by opportunistic attackers.
Websense Security Labs™ will continue to monitor the situation and provide updates as needed.
Contributors: Rajiv Motwani, Cristina Houle, Tamas Rudnai