The OpenSSL Project has released a new version of its widely used, open source SSL and TLS encryption library to fix a critical vulnerability that could potentially expose the sensitive Internet communications of millions of OpenSSL users.
Analysis: A SANS expert calls the 'Heartbleed' OpenSSL vulnerability the worst bug he has ever seen, and that's before the fallout is fully understood.
Dubbed 'Heartbleed' by the researchers that uncovered it, the OpenSSL vulnerability, CVE-2014-0160, was first introduced in December of 2011 and is the result of a missing bounds check in the handling of the TLS heartbeat extension. According to the OpenSSL security advisory, the flaw can expose up to 64 k of memory of any connected client or server.
The vulnerability affects OpenSSL versions 1.0.1 through 1.0.1f, with the latest version, 1.0.1g, fixing the issue.
A Q&A website set up by those who reported the flaw, Google Security's Neel Mehta and three researchers from security vendor Codenomicon, explains that the Heartbleed vulnerability could expose some of the most sensitive data transmitted over the Internet, including the secret keys used for X.509 certificates, usernames and passwords, emails and instant messages, and any other communications supposedly protected by an OpenSSL implementation.
Even worse, an attacker taking advantage of the flaw could go undetected.
"We have tested some of our own services from [an] attacker's perspective. We attacked ourselves from outside, without leaving a trace," the researchers said. "This bug has left [a] large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation, and attacks leaving no trace, this exposure should be taken seriously."
The researchers went on to warn that any sensitive communications that may have been intercepted in the past could still be in the hands of attackers, meaning that in addition to implementing the patched version of OpenSSL, organizations must also revoke potentially compromised keys, issue new keys, and change passwords.
OpenSSL is found in open source Web servers like Apache and nginx, which when combined, make up more than two-thirds of active sites, according to the latest figures from analysis firm Netcraft, as well as a number of Linux distributors, including Ubuntu 12.04.4 LTS, Fedora 18 and Debian Wheezy.
San Francisco-based content delivery network and distributed denial-of-service mitigation provider CloudFlare also utilizes OpenSSL, but according to a blog post by engineer Nick Sullivan, the company was able to fix the vulnerability last week, as key stakeholders were informed ahead of the general public. "All sites that use CloudFlare for SSL have received this fix and are automatically protected," Sullivan said.
Despite apparent early warnings to administrators of key websites, several of the world's key websites were vulnerable as news of Heartbleed went public. Example screenshots posted to Twitter, for example, showed Yahoo releasing login and password credentials.
For organizations that can't update their OpenSSL implementations immediately, the researchers suggested enterprises train their intrusion prevention/detection systems (IDS/IPS) "to detect use of the heartbeat request" based on a comparison of the size of such a request against the size of the corresponding reply. "This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether," the researchers said.
Netherlands-based incident response and monitoring firm Fox-IT offered up some signatures for the popular open source IDS Snort, though the company's blog post warned that the rules might generate some false positives.
However, the critical nature of the data protected by OpenSSL means organizations shouldn't rely on such measures longer than is absolutely necessary.
"Heartbleed is a rare bug: a failure in a crypto library that leaks data beyond what it's protecting," said Matt Blaze, associate professor at the University of Pennsylvania and cryptographic researcher, on Twitter. "So worse than no crypto at all."