High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.

OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web and e-mail traffic using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol.

One of the high-severity flaws, CVE-2016-2107, allows a man-in-the-middle attacker to initiate a “Padding Oracle Attack” that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI.

A Padding Oracle flaw weakens the encryption protection by allowing attackers to repeatedly request plaintext data about an encrypted payload content.

The Padding Oracle flaw (exploit code) was discovered by Juraj Somorovsky using his own developed tool called TLS-Attacker, which allows developers to test their TLS servers with specific TLS messages.

The “OpenSSL Padding Oracle in AES-NI CBC MAC Check” exists in the cryptographic library since 2013, when OpenSSL patched another Padding Oracle flaw called Lucky 13 that compromised TLS cryptography.

> “What we have learned from these bugs is that patching crypto libraries is a critical task and should be validated with positive as well as negative tests. For example, after rewriting parts of the CBC padding code, the TLS server must be tested for correct behaviour with invalid padding messages. I hope TLS-Attacker can once be used for such a task.” Juraj said in a blog post.

The second high-severity bug, CVE-2016-2108, is a memory corruption flaw in the OpenSSL ASN.1standard for encoding, transmitting and decoding data that allows attackers to execute malicious code on the web server.

The vulnerability only affects OpenSSL versions prior to April 2015. Although the issue was fixed back in June 2015, the security impact of the update has now come to light.

According to OpenSSL, this flaw can potentially be exploited using maliciously-crafted digital certificates signed by trusted certificate authorities.

OpenSSL also patched four other low-severity vulnerabilities including two overflow vulnerabilities, one memory exhaustion issue and one low severity bug that resulted in arbitrary stack data being returned in the buffer.

You can find more technical details about the critical OpenSSL vulnerabilities on CloudFlare.

The security updates have been released for both OpenSSL versions 1.0.1 and 1.0.2 and administrators are advised to apply patches as soon as possible.