The CVE-2016-2107 flaw affecting the open-source cryptographic library could be exploited to launch a man-in-the-middle attack leveraging on the ‘Padding Oracle Attack’ that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI.
According to the experts, the flaw affects the OpenSSL cryptographic library since 2013, when maintainers of the project fixed another Padding Oracle flaw called Lucky 13.
“A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI.” states the advisory issued by the OpenSSL. “This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.”
The flaw was patched in early May with the release of the versions 1.0.2h and 1.0.1t, but according to an analysis conducted by the security firm High-Tech Bridge many of the Alexa Top 10,000 websites are still vulnerable.
“The bad news is that support of the AES CBC cipher is widely recommended for compatibility reasons, required by TLS 1.2 RFC and recommended by NIST guidelines. AES CBC cipher is also considered the strongest cipher for TLS 1.0 and TLS 1.1,” states a blog post published by the High-Tech Bridge.
The experts made a quick and non-intrusive research on the Alexa Top 10’000 most visited websites, e-commerces and social platforms searching for presence and exploitability of the OpenSSL CVE-2016-2107 vulnerability.
The researchers used a free SSL/TLS server test specifically designed to automate the research and perform the checks for the existence of CVE-2016-2107.
“We used our free SSL/TLS server test to automate the following checks for each company from the Alexa list:”
– Website HTTPS test (port 443)
– Email server SSL, TLS and STARTTLS test (hostname/port):
|mail.company.com||25, 110, 143, 465, 587, 993, 995|
|smtp.company.com||25, 465, 587|
The results are disconcerting, many websites on the web are exposed to MiTM attacks, web or email servers associated with 1,829 (19.29 percent) of the top websites had been both vulnerable and exploitable.
“To our surprise, quite a lot of the most popular resources of the Internet were discovered vulnerable. Here are the results:”
“Taking into consideration that the vulnerability can be exploited in practice and allows stealing user data, credentials, financial and personal information, such results are pretty disappointing,” continues the analysis.
If you want to test your server against the CVE-2016-2107 flaw you can use the SSL/TLS server test.
If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.
(Security Affairs – OpenSSL, encryption)