Qualys Blog

www.qualys.com
Lino Lopez-Luna

Addressing CVE-2015-0204 FREAK with Qualys VM

This past year we have seen an overwhelming interest in SSL library exploits, and FREAK or "Factoring RSA EXPORT Keys" is another one. The full impact is yet to be known as the flaw was baked in the development of secure web communications, so browsers, web clients and hosts would negotiate the strongest encryption “allowed,” falling back to weaker, “export” protocols as required. The most updated list of browsers appears to include: Internet Explorer, Chrome on Mac OS and Android, Safari on Mac OS and iOS, Blackberry Browser, and Opera on Mac OS and Linux.


Why It Is Important For You

Researchers have identified that a MITM attack is possible forcing HTTPS connections to use weaker and easier to crack encryption. This vulnerability affects clients that communicate with servers that offer RSA_EXPORT cipher suites and are using a implementation of SSL that is vulnerable to FREAK, which includes Windows’s SChannel, Apple’s and Android’s OpenSSL based libraries.The server part itself is not vulnerable, but a server can avoid its client from being attacked by not offering the RSA_EXPORT ciphers.

An attacker connects to the web server with an export cipher and gets a message signed with the weak RSA key. Key gets cracked. For any future connections from innocent browsers, the attacker can act as a man in the middle (MiTM) connecting to clients, who will accept it. The attacker will then have access to all communication between the client and server.

As processing power increases and reduces time and cost of breaking encryption, there is a direct impact to the security of weaker, shorter keys. While an RSA 512-bit key a few decades ago might have been considered a good option, it is not so today. The key first 512-bit key was broken in 1999 and currently can be done through the use of on-demand computing power cloud provider in around 7 hours for an average cost in the range of $100.

Qualys Detections

The following detections are available in Qualys Vulnerability Management (VM):

unauthenticated: 42442, 42439

authenticated: 123362, 185099, 123220, 123267, 167518, 167519, 167521, 167522, 167505, 123184, 123180, 157019, 123155, 195787

Notes:

  • QID 42442 is the newest (published March 5, 2015) un-authenticated check, triggered when RSA_EXPORT ciphers are found on the target server and will work against any SSL/TLS server.
  • QID 42439 checks the OpenSSL banner in the web server header and will work only against web servers. However, banners are often suppressed, and QID 42439 will not work in this case.
  • The authenticated QIDs detect if the client is vulnerable (vs. the unauthenticated QIDs, which are for the server).

Recommended Action:

  1. If you are currently scanning your environment within a shorter recurrence, let’s say 24 hours, pull a report or do a host asset search based on the above QIDs.
  2. If your schedule recurrence is longer than 72 hours, then you might want to run a specific scan with a custom vulnerability detection list, to include the above QIDs on the option profile.

This action item will help to bring situational awareness over this specific vulnerability.

One response to “Addressing CVE-2015-0204 FREAK with Qualys VM”

  1. Definition Correction :
    As Per Qualys Defination for QID 38605 – SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability

    Threat : The remote SSL/TLS server is vulnerable to FREAK attack when:

    1.The “RSA+EXPORT” ciphers are supported;
    2.The size of the RSA public key in certificate is stronger than 1024;
    3.The temporary RSA key size is less than 1024;
    4.The temporary RSA key is stable(used multiple times);

    Only SSLv3 and TLSv1 are potentially vulnerable

    ***** So for Point no 2 which i think is incorrect and needs to be corrected as ” The remote SSL/TLS server is vulnerable to FREAK attack when: 2.The size of the RSA public key in certificate is weaker than 2048 ” however detection is correct by Qualys VM but as operational point of view it is creating chaos in Infra..Please provide your suggestions/inputs

Leave a Reply