As you have probably read elsewhere by now (and elsewhere, and elsewhere...): on March 3rd 2015 another attack on SSL/TLS was published. Following the tradition of BEAST, CRIME, Heartbleed, LUCKY13 and POODLE this one also has a catchy name: FREAK (Factoring RSA Export Keys).
It is a man-in-the-middle attack: the attacker rewrites the client's cipher suite list so that the server answers with an export-grade, 512-bit RSA key, factors that key (a matter of hours on rented cloud hardware), recovers the premaster secret and can then read and modify the whole SSL/TLS session. It only works when both sides misbehave: the server must still offer RSA_EXPORT cipher suites, and the client must accept a 512-bit export key it never asked for.
Vulnerable *servers* are those that still accept export-grade cipher suites (RSA_EXPORT). Checking whether a server is vulnerable can be done in many ways.
- Take for example analyze_hosts.py, a Python wrapper around several tools:
analyze_hosts --ssl HOST
If you see any EXPort ciphers, the server is vulnerable.
- Another way is by using cipherscan
cipherscan HOST:443
If you see any EXPort ciphers, the server is vulnerable.
- Yet another way is by using nmap:
nmap --script ssl-enum-ciphers -p443 HOST
If you see any EXPort ciphers, the server is vulnerable.
You get the idea...
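If none of those tools is at hand, the check is simple enough to do by hand, because it is exactly the first half of the attack: offer the server nothing but RSA_EXPORT cipher suites and see whether it accepts one. The script below is an added example written for this post; it is not one of the tools named above and not the author's code. It builds a minimal TLS 1.0 ClientHello with raw sockets rather than using `openssl s_client -cipher EXPORT`, because OpenSSL 1.1.0 and later no longer contain export ciphers at all and cannot offer them. A server that still supports export suites answers with a ServerHello selecting one of them (vulnerable); a patched server answers with a handshake_failure alert. The host name and port on the command line are assumptions; everything else is the wire format from RFC 2246.

```python
#!/usr/bin/env python3
"""Offer a server only RSA_EXPORT cipher suites and see whether it accepts one.

Added example for this post, not one of the tools named above. A server that
still supports export suites answers the ClientHello with a ServerHello that
selects one of them; a patched server answers with a handshake_failure alert.
"""
import os
import socket
import struct
import sys

# TLS 1.0 code points of the RSA_EXPORT suites (RFC 2246 appendix A.5).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
TLS10 = b"\x03\x01"
RECORD_HANDSHAKE, RECORD_ALERT = 0x16, 0x15
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02


def build_client_hello(suites=tuple(RSA_EXPORT_SUITES), client_random=None):
    """Return one TLS 1.0 record carrying a ClientHello that offers only `suites`."""
    rnd = client_random if client_random is not None else os.urandom(32)
    if len(rnd) != 32:
        raise ValueError("client_random must be 32 bytes")
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        TLS10                                                # client_version
        + rnd                                                # random
        + b"\x00"                                            # empty session_id
        + struct.pack("!H", len(suite_bytes)) + suite_bytes  # cipher_suites
        + b"\x01\x00"                                        # compression: null only
    )
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + TLS10 + struct.pack("!H", len(handshake)) + handshake


def parse_server_response(data):
    """Classify the first record the server sends back.

    Returns ("alert", None) if the server refused, ("server_hello", suite)
    with the chosen cipher suite if it accepted, ("unknown", None) otherwise.
    Only the first handshake message is inspected; the same record usually
    also carries Certificate/ServerKeyExchange, which we do not need here.
    """
    if len(data) < 5:
        return ("unknown", None)
    if data[0] == RECORD_ALERT:
        return ("alert", None)
    if data[0] != RECORD_HANDSHAKE:
        return ("unknown", None)
    body = data[5:]
    if len(body) < 4 or body[0] != HS_SERVER_HELLO:
        return ("unknown", None)
    hs = body[4:]
    # ServerHello: version(2) random(32) session_id_len(1) session_id(n) cipher_suite(2) ...
    if len(hs) < 35:
        return ("unknown", None)
    off = 35 + hs[34]
    if len(hs) < off + 2:
        return ("unknown", None)
    (suite,) = struct.unpack("!H", hs[off:off + 2])
    return ("server_hello", suite)


def is_export_suite(suite):
    return suite in RSA_EXPORT_SUITES


def check_host(host, port=443, timeout=5.0):
    """Return (vulnerable, detail) for a live server."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        data = s.recv(4096)
    kind, suite = parse_server_response(data)
    if kind == "server_hello" and is_export_suite(suite):
        return True, RSA_EXPORT_SUITES[suite]
    if kind == "server_hello":
        return False, "server chose non-export suite 0x%04x" % suite
    return False, kind


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"  # assumed target
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    vulnerable, detail = check_host(host, port)
    print("%s:%d %s (%s)" % (host, port, "VULNERABLE" if vulnerable else "not vulnerable", detail))
```

Run it as `python3 freak_check.py HOST 443`. The ClientHello carries no extensions, so a server that requires SNI to pick a certificate may answer with an alert for that reason alone; if a host that the other tools flag comes back "not vulnerable" here, that is the first thing to suspect.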
Mitigate this vulnerability server-side by making sure that your server doesn't allow export ciphers: add the following expression to the OpenSSL cipher string (SSLCipherSuite in Apache, ssl_ciphers in nginx), restart the service and re-run one of the checks above to confirm that no EXP suites are offered anymore
!EXP
There are also vulnerable *clients*...
A client is vulnerable if it accepts a 512-bit RSA_EXPORT key from the server even though it never offered an export cipher suite. In OpenSSL this is CVE-2015-0204, fixed in OpenSSL 1.0.1k, 1.0.0p and 0.9.8zd (January 2015): clients are safe only if they link against one of those or a newer release, not merely because they were built after the CVE was published.
The current/latest version of 1.0.2-chacha, the OpenSSL fork including ChaCha20 and Poly1305, is not vulnerable. The fork is kept up to date on a regular basis. See https://www.onwebsecurity.com/cryptography/openssl for the latest Windows binaries and more information on the source.
Note
This attack method is possible because of deliberately weakened crypto: the US export regulations of the 1990s, driven by the NSA, forced "export-grade" 512-bit RSA into SSL, and those cipher suites never went away. Read more on this fascinating story at https://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
To paraphrase cryptographer Matthew Green: "Encryption backdoors will always turn around and bite you in the ass. They are never worth it."