Contrary to what the name of the latest transport layer security issue suggests, FREAKing out is never a good idea when dealing with the security of secret data – that is, anything guarded by a layer of RSA encryption.
The latest OpenSSL security issue, which was made public on Tuesday, March 3, 2015, has been dubbed FREAK (Factoring RSA Export Key). The underlying vulnerability is known to MITRE as CVE-2015-0204. It allows man-in-the-middle eavesdroppers to trick vulnerable clients into choosing an export-grade RSA cipher suite, which is considered weak, for encryption. An attacker could, on behalf of the client, negotiate an SSL connection using the export RSA cipher with a server configured to support that cipher suite; a vulnerable client, even if not configured to accept such a weak cipher, will downgrade to it when it is received from a man-in-the-middle eavesdropper acting as the server. This vulnerability has a severe impact on the confidentiality and integrity of communication over such connections.
Our friends in FoD have detailed their FREAK findings on their blog. Successful exploitation requires both a vulnerable client and a server configured to support an export-grade RSA cipher, making this a somewhat narrow issue compared to other highly publicized vulnerabilities over the past several months. And, as mentioned, these ciphers were already known to be weak; in fact, WebInspect has been reporting weak ciphers since 2012 under vulnerability ID 11285 (Weak Cipher). Users of WebInspect can re-run a test against their servers using the Transport Layer Security policy to verify that the servers support only strong cipher suites, the only caveat being that WebInspect rejects site scan requests for servers that are configured with only export ciphers. We would highly recommend manual inspection of the SSL configuration of any sites that cannot be scanned otherwise.
In addition, we would like to reiterate remediation steps in case a vulnerable server is identified (by whatever means):
- Immediately fix the server configuration and restart the service
- Identify the nature of the data stored on the server, so you can follow proper procedures for notifying relevant customers and law enforcement
- Upgrade the OpenSSL library to the latest version if applicable. OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are known to be vulnerable.
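
To triage an inventory against the version ranges in the last step, the following added example (not part of the original post) compares OpenSSL version or banner strings with the fixed releases listed there, including the letter suffixes that run a..z and then za, zb, and so on. The function names and the sample banners are constructed for illustration.

```python
import re

# Fixed release per branch, taken from the remediation step above.
FIXED = {(0, 9, 8): "zd", (1, 0, 0): "p", (1, 0, 1): "k"}

# major.minor.fix plus up to two patch letters; pre-release tags such as
# "beta1" do not match and are rejected rather than misordered.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z])")


def letter_rank(letters):
    """Order patch letters: '' < a < ... < z < za < zb < ..."""
    # Summing alphabet positions preserves that order (z=26, za=27, zd=30).
    return sum(ord(c) - ord("a") + 1 for c in letters)


def parse_openssl_version(text):
    """Return ((major, minor, fix), patch_rank) from a version or banner string."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL release version found in {text!r}")
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    return branch, letter_rank(m.group(4))


def in_listed_vulnerable_range(text):
    """True if the version falls in one of the ranges listed above."""
    branch, rank = parse_openssl_version(text)
    if branch in FIXED:
        return rank < letter_rank(FIXED[branch])
    # "Before 0.9.8zd" also covers every branch older than 0.9.8.
    # Branches newer than 1.0.1 are not in the list, so they are not flagged.
    return branch < (0, 9, 8)


if __name__ == "__main__":
    # Constructed sample banners, as `openssl version` might print them.
    samples = [
        "OpenSSL 0.9.8zc 15 Oct 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1k 8 Jan 2015",
    ]
    for banner in samples:
        state = "UPGRADE" if in_listed_vulnerable_range(banner) else "ok"
        print(f"{state:8} {banner}")
```

A version string is only a first filter: distribution packages may backport fixes without changing the upstream version letter, so confirm flagged hosts against the vendor's advisory for that package.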
Finally, while you are at it, fix any other SSL issues that might have surfaced in the course of your remediation. Treat the fire drill as less of a FREAK occurrence and more as an opportunity to make sure everything’s in order.