“FREAK” Vulnerability (CVE20150204): Pretty Much All Systems are Exposed

New Security Internet Security Flaw Discovered

The list of flaws in trusted security algorithms has grown again with the recent announcement of the “FREAK” (Factoring Attack on RSA-EXPORT Keys) vulnerability also known as CVE-2015-0204.

First reports confirmed that many OpenSSL implementations contained the flaw and today Microsoft issued Security Advisory 3046015 confirming that all versions of Windows are vulnerable.

Where Did The Freak Vulnerability (CVE2015-0204) Come From?

The details of the vulnerability are alarming and largely due to flawed federal policies on encryption dating back to the 1990s. Around that time products like PGP (Pretty Good Privacy) were starting to see wider distribution and the U.S. officials responded by passing laws to control the export of any product that included high grade encryption. It was a futile effort and the battle was eventually won by crusaders such as Phil Zimmerman.

Some would even say there is a darker side to government efforts on the control and distribution of encryption technology:

According to noted cryptographer Matthew Green, who teaches cryptography at Johns Hopkins, the US government demanded this so the NSA could access foreign communications, whilst making it seem like the country was helping spread adequate crypto for everyone. Forbes

So how did this lead to today’s FREAK vulnerability? In order to allow use in controlled nations, SSL implementations included support for weakened versions of the RSA encryption algorithm. Instead of using 1024-bit or 2048-bit keys, they would step down to 512-bit keys as a part of the negotiation process that all browsers use when they connect to a secure server. That feature is what lead to the FREAK vulnerability that is in the news today. Security researchers discovered that it’s possible to tinker with the SSL negotiation process and trick a secure server into downgrading the session key to 512 bits.

How Does Freak Attack RSA Export Keys?

Now just what does mean? An RSA key is the product of two large prime numbers and there’s no really fast factoring algorithm for breaking a key. It’s known as a ‘trapdoor’ funcion. If I give you two big prime numbers, you can multiple them together and get the result in an instant. But on the other hand, if I give you the just result, finding the two primes that make it up is a much, much more difficult task.

At the time, the use of weakened keys wasn’t a huge issue, because factoring a 512-bit number was a pretty much insurmountable task. The first public announcement of a 512-bit factorization wasn’t until August 1999, and even then it required 300 fast computers running solidly for 7 months. The cost and time might have made it feasible to break individual keys that protected highly sensitive data, but that’s all.

Fast forward to today, and it is now possible to break a 512-bit key in 7.5 hours using $104 of computing time on Amazon AWS instances, which makes it a profitable venture to grab banking credentials from a targeted web banking session.

What Does Freak Mean for SysAdmins & IT Professionals?

The implications for system administrators and IT professionals are severe too. Early indications suggest that the FREAK flaw could be used to escalate the permissions of a low level account up to the administrator level. Vendors are rolling out patches. The OpenSSL project has patched its code. Google, Apple and Microsoft have all announced that they will have patches coming very soon.

Over the next few days it will be important for all sysadmins to roll out updates as soon as they become available.

About Us

FrameFlow develops professional server and network monitoring tools to help you be sure your critical systems are up and running. We invite you to take a closer look and see how FrameFlow can help you to keep your servers going and keep your network flowing.