OpenSSL high-risk vulnerability: allows hackers to decrypt HTTPS traffic (CVE-2016-0701)
Maintainers of the OpenSSL cryptographic library have announced a fix for a high-severity vulnerability that lets attackers recover the keys needed to decrypt communication protected by HTTPS and other secure transport layers.
OpenSSL vulnerability details
The vulnerability can only be exploited when several conditions are met. It exists in OpenSSL v1.0.2, and the affected application must generate its ephemeral DH (Diffie-Hellman) key from DSA-style parameters. By default such a server reuses the same DH private key across handshakes, which exposes it to key-recovery attacks. Configurations that use DSA-based DH parameters with a static DH cipher suite are also affected.
Fortunately, many mainstream deployments do not combine OpenSSL with DSA-based DH parameters. The Apache server, for example, enables the SSL_OP_SINGLE_DH_USE option, so a different private key is used for each connection. BoringSSL, a fork of OpenSSL, dropped the SSL_OP_SINGLE_DH_USE option a few months ago, and LibreSSL dropped it earlier this week. These applications and libraries remain vulnerable, however, when static DH cipher suites are used.
When the remaining conditions are met, an attacker can send a large number of handshake requests to a vulnerable server or client. After sufficient computation, each exchange yields partial information about the private key, and the pieces are combined with the Chinese Remainder Theorem to recover the complete decryption key. The issue is tracked as CVE-2016-0701; Adobe Systems researcher Antonio Sanso published a blog post on Wednesday describing it and reported the details to the OpenSSL team. OpenSSL also warned that the fix may affect performance.
The speed of the fix was surprising. Sanso reported the vulnerability to the OpenSSL team on January 12, meaning it took more than two weeks to fix and distribute. Interestingly, a fix for DH key reuse had already been committed when the vulnerability was reported, but no new release had been made; some of the repairs were shipped only as patches.
Do you still remember Logjam?
Thursday's release also includes a fix for an HTTPS-crippling weakness known as Logjam, first disclosed last May and affecting thousands of servers. It lets attackers downgrade a DH-protected connection to a weaker 512-bit key, after which precomputed data can be used to deduce the keys of both parties.
When DH parameters are used, OpenSSL now rejects groups shorter than 1024 bits; an earlier OpenSSL patch had set the limit at 768 bits.
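The following Python program is an added example (not OpenSSL's code and not from Sanso's post) that encodes, as defender-side checks, the three points the article makes: the subgroup check on peer public keys that 1.0.2f applies to DSA-style groups, the fresh private exponent per handshake that SSL_OP_SINGLE_DH_USE enforces, and the 1024-bit minimum modulus that mitigates Logjam. The toy prime sizes, the DhServer model and all function names are constructed for illustration.

```python
import secrets
from typing import Callable, List, Optional


def is_prime(n: int) -> bool:
    """Deterministic trial division; fine for the toy-sized primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def check_dh_params(p: int, g: int, q: Optional[int] = None,
                    min_bits: int = 1024) -> List[str]:
    """Return the problems found with a DH group; an empty list means acceptable.

    Two policies from the article are encoded here:
      * minimum modulus size (1.0.2f raised the floor to 1024 bits, the Logjam fix);
      * a safe prime (p = 2q + 1, q prime) is accepted as-is, while a DSA-style
        group (p - 1 = cofactor * q) is accepted only if q is supplied, because
        peer public keys in such a group must be subgroup-checked.
    """
    problems: List[str] = []
    if p.bit_length() < min_bits:
        problems.append(f"modulus is {p.bit_length()} bits, below minimum {min_bits}")
    if not is_prime(p):
        problems.append("modulus p is not prime")
    if not 1 < g < p - 1:
        problems.append("generator g out of range")
    if q is None:
        if not is_prime((p - 1) // 2):
            problems.append("p is not a safe prime and no subgroup order q was given")
    elif not is_prime(q) or (p - 1) % q != 0:
        problems.append("q is not a prime divisor of p - 1")
    elif pow(g, q, p) != 1:
        problems.append("generator g is not in the order-q subgroup")
    return problems


def check_peer_public_key(y: int, p: int, q: int) -> bool:
    """Accept a peer DH public value only if it lies in the order-q subgroup.

    Rejecting values with y^q mod p != 1 is the public-key check OpenSSL 1.0.2f
    applies to groups with a known q: a value of small order can then no longer
    leak the private exponent modulo a small factor of p - 1.
    """
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


class DhServer:
    """Minimal model of the server-side key-reuse setting (constructed, not OpenSSL).

    single_use=True behaves like SSL_OP_SINGLE_DH_USE (the 1.0.2f default):
    a fresh private exponent for every handshake. single_use=False models the
    pre-fix default that reused one exponent for the lifetime of the context.
    new_exponent is injectable so that tests can be deterministic.
    """

    def __init__(self, p: int, g: int, q: int, single_use: bool,
                 new_exponent: Optional[Callable[[], int]] = None) -> None:
        self.p, self.g, self.q = p, g, q
        self.single_use = single_use
        self._new_exponent = new_exponent or (lambda: 2 + secrets.randbelow(q - 2))
        self._x: Optional[int] = None

    def handshake(self) -> int:
        """Return the server's DH public value for one handshake."""
        if self.single_use or self._x is None:
            self._x = self._new_exponent()
        return pow(self.g, self._x, self.p)


def distinct_public_values(server: DhServer, handshakes: int) -> int:
    """Count distinct server DH public values over repeated handshakes.

    From a defender's vantage point this is the observable symptom of key reuse:
    a server whose ServerKeyExchange DH value never changes across connections
    is still running with a shared private exponent.
    """
    return len({server.handshake() for _ in range(handshakes)})


# Constructed toy parameters (not a real group). q = 13, p = 4*13 + 1 = 53, so
# p - 1 = 52 has cofactor 4 and the group is DSA-style rather than safe-prime.
TOY_P, TOY_Q = 53, 13
TOY_G = pow(2, (TOY_P - 1) // TOY_Q, TOY_P)   # 2^4 = 16, an element of order 13
TOY_SMALL_ORDER = pow(2, TOY_Q, TOY_P)        # 2^13 mod 53 = 30, which has order 4

if __name__ == "__main__":
    print("toy group problems:", check_dh_params(TOY_P, TOY_G, TOY_Q, min_bits=4))
    print("real-size policy:", check_dh_params(TOY_P, TOY_G, TOY_Q))
    print("small-order value accepted?", check_peer_public_key(TOY_SMALL_ORDER, TOY_P, TOY_Q))
    print("distinct values, key reuse:", distinct_public_values(
        DhServer(TOY_P, TOY_G, TOY_Q, single_use=False), 5))
```

The subgroup check is what makes key reuse harmless against this class of attack even where SSL_OP_SINGLE_DH_USE is not set, and the size check is independent of it; a safe-prime group passes check_dh_params without q because its only non-trivial subgroup has order q.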
Users of OpenSSL 1.0.2 should upgrade to 1.0.2f, and users of 1.0.1 should install 1.0.1r. Thursday's OpenSSL announcement also reminds users that support for 1.0.1 ends at the end of this year, after which it will receive no security patches. Support for 0.9.8 and 1.0.0 ended on January 1.