A "legacy" vulnerability: analysis of the new SSL/TLS vulnerability FREAK

ID MYHACK58:62201559613
Type myhack58
Reporter 佚名
Modified 2015-03-05T00:00:00


Security researchers recently discovered a new SSL/TLS vulnerability. Millions of Apple and Android users who visit HTTPS sites over the coming decade are expected to be exposed to man-in-the-middle attacks and to the theft of their account names and passwords, even though those sites use encrypted transport.


The vulnerability is numbered CVE-2015-0204 and has been named FREAK (Factoring Attack on RSA-EXPORT Keys). Hackers or intelligence agencies can force a client down to a lower version and to vulnerable encryption methods, including the U.S. export-grade 512-bit RSA key.

The FREAK vulnerability was discovered jointly by researchers from the French National Institute for Research in Computer Science and Automation (Inria) and Microsoft. They studied the protocol implementation in OpenSSL 1.0.1k and earlier, as well as Apple's Secure Transport.

Secret operations of the 1990s

In the 1990s, the U.S. government required products to be vetted before export: exported products and equipment had to be a "black box" that used cryptographically weak "export-grade" encryption, which intelligence and special agencies could conveniently crack. At the time, only products sold within the United States could use stronger encryption.

Although that "political demand" for a means of spying was later abandoned, the cryptographically weak "export-grade" encryption has survived all these years, and that is what gives rise to the FREAK vulnerability.

Now the FREAK vulnerability allows hackers to easily decrypt a website's private key and encrypted passwords, login cookies, and other confidential data sent over HTTPS (such as account names and passwords).

A research assistant professor at the Johns Hopkins University Information Security Institute summarized the FREAK vulnerability on his blog and showed how a hacker can use it to mount a MiTM attack:

  1. The client sends a Hello message requesting standard RSA encryption.

  2. The MiTM attacker changes the request so that it asks for "export-grade RSA encryption" instead.

  3. The server returns a 512-bit export-grade RSA key, signed with its own key.

  4. Because of the bug in OpenSSL/Secure Transport, the client accepts the vulnerable key.

  5. The hacker factors the RSA modulus to recover the corresponding RSA private key.

  6. When the client encrypts the "pre-master secret" and sends it to the server, the hacker decrypts it with the recovered RSA key and reads the "master secret".

  7. From this step on, the hacker can see the plaintext and modify its content at will.
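The defender's view of the steps above is the handshake itself: the client offered ordinary RSA suites, yet an export-grade suite is selected, or a ServerKeyExchange carrying a short RSA modulus turns up where a standard RSA suite would never send one. The following added example (not from the original article or from the researchers it describes) parses hand-constructed ClientHello, ServerHello and ServerKeyExchange bodies and reports those conditions, the same checks a patched client or a passive TLS monitor applies. The cipher-suite code points are the IANA-registered values; the 512-bit modulus is a constructed number, not a real key, and the 2048-bit minimum is an assumed policy.

```python
"""Detecting a FREAK-style export-RSA downgrade from TLS handshake bytes.

Added example, not part of the original article. Handshake bodies are
constructed inline for illustration; the RSA modulus is a made-up number.
"""
import struct

# IANA code points of the RSA_EXPORT suites that FREAK relies on.
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
# Static-RSA suites: key exchange uses the certificate key, so a
# ServerKeyExchange with RSA parameters must never appear with them.
STATIC_RSA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
MIN_RSA_BITS = 2048  # assumed local policy for any RSA key a client accepts


def parse_client_hello_suites(body: bytes) -> list:
    """Cipher suites offered in a ClientHello body:
    version(2) random(32) session_id<1 byte len> cipher_suites<2 byte len> ..."""
    pos = 2 + 32
    sid_len = body[pos]
    pos += 1 + sid_len
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]


def parse_server_hello_suite(body: bytes) -> int:
    """Cipher suite selected in a ServerHello body:
    version(2) random(32) session_id<1 byte len> cipher_suite(2) compression(1)"""
    pos = 2 + 32
    sid_len = body[pos]
    pos += 1 + sid_len
    return struct.unpack("!H", body[pos:pos + 2])[0]


def parse_ske_rsa_modulus_bits(body: bytes) -> int:
    """Bit length of rsa_modulus in a ServerRSAParams structure (RFC 2246):
    rsa_modulus<2 byte len> rsa_exponent<2 byte len> signature..."""
    (n_len,) = struct.unpack("!H", body[:2])
    return int.from_bytes(body[2:2 + n_len], "big").bit_length()


def assess_handshake(client_hello: bytes, server_hello: bytes,
                     rsa_server_key_exchange: bytes = None) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    offered = parse_client_hello_suites(client_hello)
    chosen = parse_server_hello_suite(server_hello)
    if chosen in EXPORT_RSA_SUITES:
        findings.append("server selected export suite " + EXPORT_RSA_SUITES[chosen])
    if chosen not in offered:
        findings.append("server selected suite 0x%04x that the client never offered" % chosen)
    if rsa_server_key_exchange is not None:
        if chosen in STATIC_RSA_SUITES:
            findings.append("RSA ServerKeyExchange received under static-RSA suite "
                            + STATIC_RSA_SUITES[chosen])
        bits = parse_ske_rsa_modulus_bits(rsa_server_key_exchange)
        if bits < MIN_RSA_BITS:
            findings.append("server RSA modulus is only %d bits (policy minimum %d)"
                            % (bits, MIN_RSA_BITS))
    return findings


# --- constructed handshake messages for the demonstration -------------------

def build_client_hello(suites) -> bytes:
    body = b"\x03\x03" + bytes(32) + b"\x00"          # TLS 1.2, zero random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    return body + b"\x01\x00"                           # one compression method: null


def build_server_hello(suite: int) -> bytes:
    return b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"


def build_rsa_server_key_exchange(modulus_bits: int) -> bytes:
    # Constructed modulus with its top bit set so bit_length() is exact; not a real key.
    n = (1 << (modulus_bits - 1)) | 1
    n_bytes = n.to_bytes(modulus_bits // 8, "big")
    e_bytes = b"\x01\x00\x01"
    return (struct.pack("!H", len(n_bytes)) + n_bytes
            + struct.pack("!H", len(e_bytes)) + e_bytes)


if __name__ == "__main__":
    normal = [0x002F, 0x0035]
    print("honest handshake:", assess_handshake(build_client_hello(normal),
                                                build_server_hello(0x002F)))
    # Client asked for standard RSA, but a 512-bit RSA ServerKeyExchange arrives anyway.
    print("weak key under static RSA:", assess_handshake(
        build_client_hello(normal), build_server_hello(0x002F),
        build_rsa_server_key_exchange(512)))
    # Export suite selected that the client never offered.
    print("export downgrade:", assess_handshake(
        build_client_hello(normal), build_server_hello(0x0003),
        build_rsa_server_key_exchange(512)))
```

The second and third scenarios are the two signatures of step 4 above: either the selected suite is one the client never asked for, or a ServerKeyExchange carrying a short RSA key appears under a suite that has no business sending one. A client that enforces the "no RSA ServerKeyExchange in a static-RSA suite" rule, or that simply refuses RSA keys below its policy minimum, is not fooled by the downgrade regardless of what the attacker rewrote in transit.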

36% of SSL/TLS websites are affected


When we scanned more than 1.4 million SSL/TLS sites, we found that at least 36% of them have the vulnerability, in that they support export-grade RSA encryption.

In the late 1990s, cracking a 512-bit key required a supercomputer. Today it takes about seven hours and roughly $100 to break this encryption.

If a user's device contains the vulnerability, it can be attacked through FREAK. Android devices, iPhones and Apple Mac computers running OS X whose SSL/TLS implementation contains the flaw may still suffer man-in-the-middle attacks even when visiting HTTPS sites. Fortunately, Windows and Linux users are not currently affected by the vulnerability.
