[bdNOG] SSLv2 DROWN Attack

Asif Murad Khan asifmuradkhan at gmail.com
Wed Mar 2 19:02:51 BDT 2016


Hello all,

In light of the recent disclosure of a security vulnerability, the Security
Team has decided to issue an announcement to inform those who may not have
heard about its details and implications.

---

*DROWN Attack*

DROWN is a vulnerability/attack that has been recently disclosed and
affects services that rely on SSL and TLS to provide security.

The vulnerability allows an attacker to obtain the session keys for an
encrypted session, allowing him to decrypt all the communications within
that session.

The authors of the research that revealed the vulnerability measured that
33% of HTTPS servers are vulnerable. Other potentially affected services
include VPN and email servers.

A service is vulnerable if it meets *ANY* of the following conditions:

    -   Has support for SSLv2.
    -   Uses the same certificate/private key as a service that has support
for SSLv2.
    -   Uses a version of OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before
1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a.

The vulnerability is especially dangerous if the last condition is met,
since the attack could be performed in a very short amount of time.

In order to remediate the vulnerability, *ALL* of the following actions
should be taken:

    -   Disable support for SSLv2.
    -   Disable support for SSLv2 in services using the same
certificate/private key.
    -   Upgrade OpenSSL to a version newer than 0.9.8zf, 1.0.0r, 1.0.1m or
1.0.2a.

Additionally, upgrading OpenSSL to a version newer than 1.0.1s or 1.0.2g
also mitigates the vulnerability by disabling SSLv2 and SSLv3 weak ciphers
by default.

Note that the vulnerability only affects servers and cannot be mitigated in
the client side.

The attack affects all servers that rely on SSL and TLS and either support
SSLv2 or share a certificate/private key with another server that supports
SSLv2.

The attack is possible since an attacker can use the server's support for
SSLv2 to perform an older attack, the Bleichenbacher padding oracle, to
recover the pre-master secret, which will be also used in SSL and TLS
connections that share the same certificate/private key. With the
pre-master secret, an attacker can compute the session keys for the SSL
session and decrypt the communication.

There is a service, provided by the original researchers, that checks if a
particular domain was vulnerable as of February 2016:

https://drownattack.com/#test

There is also a tool, published by the same researchers, that allows this
test to be performed massively and against different services:

https://github.com/nimia/public_drown_scanner

More details about the vulnerability can be found here:

https://drownattack.com/
https://www.openssl.org/news/secadv/20160301.txt
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html

Regards,

Asif Murad Khan

On Wed, Mar 2, 2016 at 6:09 PM, Jahangir Hossain <jrjahangir at gmail.com>
wrote:

> *Possible solution :*
>
> *- Disable SSLv2*
>
> Network administrators should disable SSLv2 support. The researchers have
> provided more information on how to disable SSLv2 for various server
> products.
>
> Network administrators can determine if a server supports SSLv2 with the
> following command:
>
> openssl s_client -connect host:443 -ssl2
>
> If certificate information is returned, then SSLv2 is supported.
>
> SSLv2 has been deprecated since 2011.
>
> *- Do not reuse SSL certificates or key material*
>
> This issue can be mitigated on TLS connections by using unique SSL keys
> and certificates. If possible, do not reuse key material or certificates
> between SSLv2 and TLS support on multiple servers.
>
> *- Monitor network and use firewall rules*
> Recommend enabling firewall rules to block SSLv2 traffic. Since the attack
> requires approximately 1000 SSL handshakes, network administrators may also
> monitor logs to look for repeated connection attempts. However, this data
> may also be obtained via man-in-the-middle or other attacks, not solely
> from direct connections.
>
>
>
> *Stay secure ;\*
>
>
>
> On Wed, Mar 2, 2016 at 6:02 PM, Anurag Bhatia <me at anuragbhatia.com> wrote:
>
>> Interesting (and scary!)
>>
>>
>>
>> Thanks for sharing Jahangir.
>>
>> On Thu, Mar 3, 2016 at 12:28 AM, Jahangir Hossain <jrjahangir at gmail.com>
>> wrote:
>>
>>> Dear members,
>>>
>>> Network traffic encrypted using an RSA-based SSL certificate may be
>>> decrypted if enough SSLv2 handshake data can be collected. Exploitation of
>>> this vulnerability - referred to as DROWN in public reporting - may allow a
>>> remote attacker to obtain the private key of a server supporting SSLv2.
>>>
>>> For more information please visit,
>>>
>>>
>>> https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack
>>>
>>>
>>> https://www.us-cert.gov/ncas/current-activity/2016/03/01/OpenSSL-Releases-Security-Advisory
>>>
>>>
>>> *Regards / Jahangir*
>>> * | Open Comm*
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> nog mailing list
>>> nog at bdnog.org
>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>>
>>>
>>
>>
>> --
>>
>>
>> Anurag Bhatia
>> anuragbhatia.com
>>
>
>
>
> --
> *Regards / Jahangir*
>
>
>
>


-- 
Asif Murad Khan
Cell: +880-1713-114230
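As an added example (not part of the mail above or of the DROWN researchers' tooling), the following Python checker applies the version conditions from the announcement to `openssl version` output: a branch is reported as patched only from the fixed release the mail names, and as having SSLv2 off by default only from 1.0.1s / 1.0.2g. The sample version strings are constructed; a branch the mail does not mention (for example 1.1.x) is reported as None rather than guessed.

```python
import re
from typing import NamedTuple, Optional

# Fixed releases named in the mail: a branch is vulnerable to DROWN "before" these.
DROWN_FIXED = {(0, 9, 8): "zf", (1, 0, 0): "r", (1, 0, 1): "m", (1, 0, 2): "a"}
# Releases from which, per the mail, SSLv2 and weak SSLv3 ciphers are disabled by default.
SSLV2_OFF_BY_DEFAULT = {(1, 0, 1): "s", (1, 0, 2): "g"}

_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


class OpenSSLVersion(NamedTuple):
    major: int
    minor: int
    fix: int
    patch: str  # letter suffix: "" < "a" < ... < "z" < "za" < ... < "zf"

    def order_key(self) -> tuple:
        # OpenSSL letter patches sort by length first ("z" < "za"), then alphabetically.
        return (self.major, self.minor, self.fix, len(self.patch), self.patch)


def parse_version(text: str) -> OpenSSLVersion:
    """Extract the version from `openssl version` output such as
    'OpenSSL 1.0.1e-fips 11 Feb 2013' (constructed sample line)."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return OpenSSLVersion(int(m[1]), int(m[2]), int(m[3]), m[4])


def _at_least(v: OpenSSLVersion, table: dict) -> Optional[bool]:
    """True/False when v's branch is in the table; None when the mail says nothing about it."""
    branch = (v.major, v.minor, v.fix)
    if branch not in table:
        return None
    threshold = OpenSSLVersion(*branch, table[branch])
    return v.order_key() >= threshold.order_key()


def assess(text: str) -> dict:
    """Classify one `openssl version` line against the conditions listed in the mail."""
    v = parse_version(text)
    return {
        "version": f"{v.major}.{v.minor}.{v.fix}{v.patch}",
        "drown_patched": _at_least(v, DROWN_FIXED),
        "sslv2_off_by_default": _at_least(v, SSLV2_OFF_BY_DEFAULT),
    }
```

Feed it the output of `openssl version` from each server that shares a certificate with an SSLv2-capable service; a result of `drown_patched: False` means the fast variant of the attack described in the mail applies and the upgrade step cannot be skipped.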