OpenSSL CCS Injection Vulnerability (discovered 2014-06-05)

The CCS Injection vulnerability in OpenSSL allows someone to intercept communications between a vulnerable device and a vulnerable server by way of a man-in-the-middle attack. That means a well-placed attacker can see what information a site sends you and what you send a site. The biggest factors at risk are your personal data - your email, passwords, payment information, or personal details.

OpenSSL’s ChangeCipherSpec processing has a serious vulnerability. This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes.

There are risks of tampering with and exploits on contents and authentication information over encrypted communication via web browsing, E-mail and VPN, when the software uses the affected version of OpenSSL.

===

FAQ

===

Q. How to stop the leak?

A. You can apply software updates from each software vendors.

Q. What versions of OpenSSL are affected?

A. Affected Versions:

• OpenSSL 1.0.1 through 1.0.1g

• OpenSSL 1.0.0 through 1.0.0l

• all versions before OpenSSL 0.9.8y

Not Affected Versions:

• OpenSSL 1.0.1h

• OpenSSL 1.0.0m

• OpenSSL 0.9.8za

Q. What are the risks?

A. Attackers can eavesdrop and make falsifications on your communication when both of a server and a client are vulnerable, and the OpenSSL version of the server is 1.0.1 or higher. Attackers can hijack the authenticated session, if the server is vulnerable (even if the client is not vulnerable).

Q. Do I have to re-create my private keys or certificates?

A. No. Attackers cannot steal your private keys through this bug itself. However if you have transferred your private keys via paths protected by SSL/TLS, the keys could be sniffed. If this is the case, consider regenerating the keys or certificates.

Q. Is CCS injection because of an SSL/TLS specification defect?

A. No. It is OpenSSL implementation problem.

Q. What protocol versions are affected?

A. All versions (SSL3.0, TLS1.0, TLS1.1, TLS1.2) are affected.

Q. What encryption algorithms are affected?

A. All encryption algorithms are affected.

Q. Can I detect if someone has exploited this against me?

A. Exploitation of this bug do not leave any traces.

Q. Can IDS/IPS detect this attack?

A. Configuring your IDS/IPS to detect invalid order of messages enables your IDS/IPS to detect the attacks.