Decades-Old SSLv2 DROWN Bug Hides in a Third of All HTTPS Servers
The folks behind the OpenSSL project announced a newly discovered bug in a 21-year-old code that resides in servers running TLS (Transport Security Layer) for secure communications.
DROWN (Decrypting RSA using Obsolete and Weakened Encryption) uses a Man-in-the-Middle (MITM) attack that “allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.”
The Red Hat Security Blog rates this bug as Important Security Severity and “advises that SSLv2 is a protocol that should no longer be considered safe and should not be used in a modern environment.”
According to OpenSSL-led Drownattack site, 33 percent of all secure HTTPS servers are vulnerable to attack. In addition to providing a full technical paper, the website provides a handy tool to check to see if your server is vulnerable.
The code at the heart of DROWN is SSL v2, first released in 1995 and “declared dead less than a year later,” according to Qualys director of engineering Ivan Ristic, writing in the Qualys Security Blog. “Even though this old version of SSL is not used much these days, it continues to be supported by many servers.”
Even though the code it ancient in computer years and not in current use, it “can be used to exploit TLS, even in cases when client devices don’t support SSL v2, and sometimes even in cases when the servers don’t support SSL v2 (but use the same RSA key as some other server that does),” Ristic explained. Ristic provided more on the history of this bug here.
What is at stake?
The vulnerability can affect “any communication between users and the server,” according to the Drownattack site. “This typically includes, but is not limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. Under some common scenarios, an attacker can also impersonate a secure website and intercept or change the content the user sees.”
The Red Hat Security Blog explains, “This means that if an attacker can intercept and modify network traffic between a client and the host, the attacker could impersonate the server on what is expected to be a secure connection. The attacker could then potentially eavesdrop or modify important information as it is transferred between the server and client.” The company has also posted a vulnerability article with further details.
The fix is easy, according to Ristic. “Disable SSL v2 on all the servers in your system,” he wrote.
Red Hat has already provided an update for OpenSSL, disabling SSLv2. This is a good start, but the SSLv2 protocol needs to be disabled on every single server system wide.
“If you’ve been reusing private RSA keys (even with different certificates), disabling SSL v2 on one server is not going to help if there’s some other server (possibly using a different hostname, port, or even a protocol) that continues to support this old and crazy-vulnerable protocol version,” Ristic explained.
Red Hat is a sponsor of The New Stack.
Feature image from Drownattack.com.