2 Minutes On: DROWNing in SSL2 connection requests - the web's latest large-scale vulnerability
One of the latest large scale web vulnerabilities, dubbed DROWN (Decrypting RSA with Obsolete and Weakened Encryption), again targets SSL.
DROWN targets SSL
Demonstrated in newly released research, it was discovered earlier this year that if an HTTPS server supports SSLv2, a hacker can exploit this to decrypt intercepted connections from clients - even if those connections are using the most secure, up-to-date version of the TLS protocol.
The researchers said that with “an unpatched SSLv2 server to use as an oracle, we can decrypt a TLS ciphertext in one minute on a single CPU—fast enough to enable man-in-the-middle attacks against modern browsers. 26 percent of HTTPS servers are vulnerable to this attack”.
In making constant SSLv2 connection requests, the researchers showed that they could discover information about the server's private RSA key. With enough requests, they were able to get the private key to decode the TLS sessions. As SSLv2 can often be accidentally enabled when setting up a new server, this is being considered a major issue.
While the attack has several prerequisites, there is a good chance that hackers could use the flaw. The web server running HTTPS needs to either support SSLv2 itself or to share its private key with another server that does for the attack to be possible.
A new version of OpenSSL has been released which disables SSLv2 in existing servers. The update also patches several other minor bugs, such as (CVE 2016-0705) that could lead to a denial-of-service attack or memory corruption for applications receiving DSA private keys from untrusted sources, or a side channel attack that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture (CVE 2016-0702).
The researchers from Tel Aviv University, Münster University, Horst Görtz Institute for IT security, Ruhr University Bochum, University of Pennsylvania, Hashcat Project, University of Michigan, Two Sigma/OpenSSL, Google/OpenSSL collectively concluded “that SSLv2 is not only weak, but actively harmful to the TLS ecosystem.”
–By Roi Perez, SC Magazine UK
data breaches compromised 707 million data records in 2015
- Gemalto 2015 Breach Level Index (BLI)
of stolen records come from compromised database servers
- Verizon Data Breach Investigations Report
of organisations equipped to securely manage user identities
- Capgemini and RSA survey
of all data breaches avoidable by implementing simple or intermediat level controls
– National Risk Estimate, Homeland Security