The dust has barely settled on Heartbleed, yet here we are hit with another major vulnerability. The not-yet-catchily-named OpenSSL flaw allows spying on encrypted SSL/TLS communications, if the attacker can pull off a man-in-the-middle position. Read on to learn how it works, what it means for you, and how it stacks up against Heartbleed.
The OpenSSL project published a security advisory containing several vulnerabilities. The most discussed vulnerability is CVE-2014-0224, through which an eavesdropper can reduce the strength of the encryption through a Man-in-the-Middle (MITM) attack, putting the content of the transmitted data at risk. However, there are other vulnerabilities in the advisory that could be used for denial of service (DoS) attacks or remote code execution.
How does Rapid7 rate the threat?
These are significant threats, although harder to exploit than the recent Heartbleed vulnerabilities in OpenSSL.
The newly disclosed MITM vulnerability (CVE-2014-0224) affects all OpenSSL clients and devices that communicate with vulnerable servers. While all OpenSSL client versions are vulnerable, only the most recent OpenSSL server versions are affected. In order for the vulnerability to be exploited, both the client and the server must be vulnerable.
A MITM attack is dangerous because it can allow an attacker to intercept data that was presumed encrypted between a client (e.g., an end user) and a server (e.g., the online bank). This attack is passive in nature and may not be detected by client, server or network based security controls.
The second vulnerability (CVE-2014-0221) is likely only a Denial of Service (DoS) attack that would not expose encrypted data. Rapid7 rates it as a low threat generally, high for critical services.
One vulnerability that has surprisingly been discussed very little is the DTLS invalid fragment vulnerability (CVE-2014-0195), which contains a buffer overrun that could be exploitable with arbitrary code execution. Rapid7 is conducting further research and will update the community if additional information becomes available. Rapid7 rates this as a medium to high threat, and one to keep on your watch list.
Which Rapid7 products are affected?
- Nexpose: Nexpose is not affected
- Metasploit: The Metasploit editions Metasploit Pro, Metasploit Express, Metasploit Community and Metasploit Framework in versions 4.9.2 or earlier currently utilize vulnerable versions of OpenSSL, most notably CVE-2014-0224 and CVE-2014-0221. Rapid7 is currently working on a security update and will announce its availability in the following blog post as soon as it becomes available: https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advis ory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit
- UserInsight: UserInsight doesn’t make use of the OpenSSL client and is not affected.
- ControlsInsight: ControlsInsight is not affected.
- Mobilisafe: Mobilisafe is impacted but there is no action that customers need to take. In order to exploit the vulnerability, an attacker would need to be in a privileged network position between the customer’s Exchange CAS server and the Amazon ELB, which is an unlikely scenario. Customers do not need to take any action since the impacted servers are being patched.
How does this affect me?
The impact of this particular vulnerability is difficult to predict. Email clients, VPN clients, and other ‘soft’ clients that have relied on this technology for years now have another exposure point. Clients such as OpenVPN, email clients, and other apps that use OpenSSL such as certain mobile banking apps could potentially be vulnerable.
It’s likely that the majority of OpenSSL users are at risk, as this vulnerability affects the latest OpenSSL version and there was a push to update to that version after Heartbleed was disclosed. While major desktop browsers are not affected, there are likely many other software packages that utilize OpenSSL for client-side SSL communication.
Chrome on Android browsing may be affected, although that vulnerability is not yet confirmed.
How does this compare with Heartbleed?
In some ways, this vulnerability will impact more customers than Heartbleed, as the affected OpenSSL client versions go further back. Many people who were running a version of OpenSSL not affected by Heartbleed will now have to update their software.
While the vulnerabilities disclosed today do not allow for the disclosure of private keys -- requiring reissuing SSL certs -- it could allow for the passive (and largely undetectable) interception of highly sensitive data.
However, Heartbleed can be leveraged by anybody who has access to a server over the network – for example, connecting to a web server. The newly disclosed vulnerability is more challenging for attackers as it requires the attacker to control the “wire.” This might involve setting up an evil access point in a coffee shop or infiltrating an Internet Service Provider.
The impact is also less because the major desktop browsers are not impacted. So far, the impact on non-Android web browsing activity is minimal.
With the additional level of scrutiny which OpenSSL is now receiving, it is quite possible that more vulnerabilities will come to light.
How can I figure out whether my organization has been exploited?
Because this vulnerability involves compromising data on the wire, there’s no way to spot it while it’s happening. Conceptually, this is the same as the attacker listening to an encrypted radio transmission.
Organizations can, however, look for evidence that compromised data was used maliciously. An example would be if a large number of user accounts -- accounts that historically have only been sent over SSL between an OpenSSL client and server -- are being compromised.
Many forward-leaning security programs operate under the assumption that their network has been breached and so the organization must monitor user activity for signs of intrusion. If you are concerned that this vulnerability may have impacted your organization, you should continuously monitor your systems and users for potential incidents.
Rapid7 offers UserInsight to monitor user behavior and identify credential compromise. If you are interested in evaluating the product, please contact us.
What is a Man-in-the-Middle Attack?
In a Man-in-the-Middle attack (MITM), an eavesdropper makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other. However, the conversation is entirely controlled by the attacker. The attacker has the ability to both eavesdrop on the conversation, and to alter its content.
MITM attacks can be carried out in a variety of ways, such as hosting a malicious access point in a coffee shop. However, state-sponsored actors can also conduct MITM attacks by controlling ISPs and carriers.
Does Metasploit have modules to exploit these vulnerabilities?
The Metasploit team is actively researching these vulnerabilities with the goal to developing exploits for them. If you have successfully written a module addressing any of these vulnerabilities, please create a pull request on Github (https://github.com/rapid7/metasploit-framework/wiki/Landing-Pull-Requests). The modules will be announced on the Metasploit blog (http://blog.metasploit.com).
Does Nexpose have checks for these vulnerabilities?
The Nexpose team is working on providing checks for these vulnerabilities with high priority. Availability of these checks will be announced on the Nexpose blog (https://community.rapid7.com/community/nexpose/blog).
Does this vulnerability affect data transmitted in the past?
Data transmitted before the disclosure of the MITM vulnerability could only be affected if the attacker had knowledge of the vulnerabilities prior to disclosure (0-day exploits). The attack does not expose cleartext data if an attacker has recorded the encrypted sessions.