In March 2021, cybersecurity researchers disclosed two high-severity vulnerabilities that were discovered in the popular cryptography library, OpenSSL. While one of the flaws can allow attackers to bypass CA1 certificate checks, the other could result in a Denial of Service (DoS) attack. OpenSSL is a well-known open-source cryptography library that enables the implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, used to secure communication over computer networks.
CVE-2021-3449 - Denial-of-service to TLS server
The DoS vulnerability (CVE-2021-3449) in OpenSSL TLS server can cause the server to crash if during the course of renegotiation the client sends a maliciously crafted ClientHello message.
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a DoS attack.
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration).
OpenSSL servers running versions between 1.1.1 and 1.1.1j (both inclusive) that have both TLSv1.2 and renegotiation enabled are impacted by this issue. OpenSSL has subsequently released the security updates addressing this issue in OpenSSL 1.1.1k.
CVE-2021-3450 - Bypass of CA certificate verification
The vulnerability lies in the implementation of X509_V_FLAG_X509_STRICT, a flag used by the OpenSSL client to implement additional security checks while setting up a new TLS connection and is disabled by default. OpenSSL uses the Elliptic Curve Cryptography (ECC) algorithm for encryption and decryption, and the X509_V_FLAG_X509_STRICT check ensures that certificates using non-standard elliptic curve parameters are disallowed.
However, the implementation of this check resulted in this very security flaw. Were an attacker to use a crafted certificate that is unverified by a CA, it would be rejected. But, if the same certificate uses standard ECC parameters and X509_V_FLAG_X509_STRICT is enabled, the previous result would be overridden, resulting in the certificate being deemed as verified, thus rendering the security checks useless.
OpenSSL versions 1.1.1h and above are impacted by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k, which contains security updates addressing this issue.
Users of OpenSSL 1.0.2 are not impacted by either of these issues.
Implications for Nexusguard and its Customers
Nexusguard is a cloud-based cybersecurity solution provider fighting malicious internet attacks, with over 12 years of DDoS fighting experience. All our platforms enforce strict inspections on SSL renegotiation messages and certificate verification, and undergo rigorous security hardening, so as to ensure there is no risk of the aforementioned vulnerabilities.
Furthermore, we adhere to stringent security compliance rules and apply the latest security updates to further harden our platforms and infrastructures to safeguard the availability and service uptime of our clients’ networks. Above all, Nexusguard endeavours to provide our clients with peace of mind by countering and mitigating all threats and ensuring maximum uptime.
1CA, short for Certificate Authority is a trusted issuer of digital certificates. It essentially checks newly-created certificates to verify the authenticity of the certificate creator over the domain name that they claim, prior to signing and issuing the certificate.