Wednesday, March 4, 2015

How to check for SSL FREAK Vulnerability?

A research group named SMACK has released a vulnerability known as FREAK which can be used for man-in-the-middle (MITM) attack. The vulnerability is due to an old ghost created by USA Government (NSA, more specifically) where in, years ago, they convinced several organizations to use weaker keys, known as export-grade keys for any software that was to be used outside the borders of USA. While the use of strong keys is wide spread now, several servers still have support for the weaker keys.

The group discovered that this vulnerability can be exploited by using a client and making a connection via a weak key. Once the key is generated by the server, it is reused until the server is restarted which can potentially be months. The group was able to crack this weak server key in 7.5 hours using Amazon EC2. Once this is cracked, potentially all the communication can be downgraded to use weak keys and MITM'ed.

How to check if a server vulnerable or not?
Fire the following command:
$ openssl s_client -connect -cipher EXPORT

A handshake failure signifies that EXPORT cipher is not active on the server and it is safe.

Hacker News: Discuss and upvote on Hacker News.