[Ach] new OpenSSL exploitable bug?

ianG iang at iang.org
Thu Jun 5 14:17:59 CEST 2014

Another in the rash of weaknesses.  This might mean that the fabled many
eyeballs have opened up?


An attacker using a carefully crafted handshake can force the use of
weak keying material in OpenSSL SSL/TLS clients and servers. This can be
exploited by a Man-in-the-middle (MITM) attack where the attacker can
decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL.
Servers are only known to be vulnerable in OpenSSL 1.0.1 and
1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to
upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue.  This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly
based on an original patch from KIKUCHI Masashi.

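One way to turn the version thresholds quoted above into a check a defender can run over a host inventory, as an added Python example that is not part of the original post or of OpenSSL itself: it parses `openssl version` banners, orders letter suffixes and betas the way OpenSSL numbers its releases, and classifies each host against the fixed releases the advisory names (1.0.0m, 1.0.1h) and the roles it distinguishes (clients vulnerable in every pre-fix version, servers in 1.0.1 and 1.0.2-beta1, older servers advised to upgrade as a precaution). The host names, inventory lines and the `parse_version`, `assess` and `scan_inventory` helpers are constructed for this example; where the quoted text is truncated (the fixed 0.9.8 release) or silent (1.0.2 beyond beta1) the check reports "unknown" rather than guessing.

```python
"""Classify OpenSSL builds against the advisory quoted in this post.

Added example; the parsing and ordering rules below are assumptions about
OpenSSL's version scheme (letter suffix sorts after the bare version,
"-betaN" sorts before the final release), not text from the post.
"""
import re

# Fixed releases exactly as the post states them. The 0.9.8 line of the
# quoted advisory is cut off and 1.0.2 only has a vulnerable beta named, so
# no fixed release is recorded for those branches.
FIXED_RELEASE = {
    (1, 0, 0): "1.0.0m",
    (1, 0, 1): "1.0.1h",
}

# Branches the post names as vulnerable on the server side.
SERVER_VULNERABLE_BRANCHES = {(1, 0, 1), (1, 0, 2)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?",
                         re.IGNORECASE)


def parse_version(text):
    """Return a comparable tuple for an OpenSSL version string.

    Accepts a bare version ("1.0.1g") or the banner printed by
    `openssl version` ("OpenSSL 1.0.1g 7 Apr 2014").
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letters, beta = m.groups()
    base = (int(major), int(minor), int(patch))
    if beta is not None:
        # 1.0.2-beta1 sorts before 1.0.2 and before any 1.0.2x release.
        return base + (0, int(beta))
    letters = letters.lower()
    # "" < "a" < ... < "z" < "za": a longer suffix is a later release.
    return base + (1, len(letters), letters)


def assess(version_text, role):
    """Classify one build as 'vulnerable', 'precaution', 'fixed' or 'unknown'.

    role is 'client' or 'server'; the post treats the two differently.
    """
    if role not in ("client", "server"):
        raise ValueError("role must be 'client' or 'server'")
    key = parse_version(version_text)
    branch = key[:3]
    fixed = FIXED_RELEASE.get(branch)
    if fixed is not None:
        # Branch with a fixed release named in the post: compare directly.
        if key >= parse_version(fixed):
            return "fixed"
        if role == "client" or branch in SERVER_VULNERABLE_BRANCHES:
            return "vulnerable"
        # Server on 1.0.0 below 1.0.0m: not known vulnerable, but the post
        # advises upgrading as a precaution.
        return "precaution"
    if branch == (1, 0, 2):
        # Only 1.0.2-beta1 is named; later 1.0.2 builds are not covered.
        is_beta1 = key[3] == 0 and key[4] == 1
        return "vulnerable" if is_beta1 else "unknown"
    if branch == (0, 9, 8) and role == "server":
        return "precaution"   # servers earlier than 1.0.1
    # 0.9.8 clients: the fixed release is truncated in the quoted advisory,
    # so the post alone cannot say whether this build is fixed.
    return "unknown"


# Constructed sample inventory: (host, role, output of `openssl version`).
SAMPLE_INVENTORY = [
    ("web-1", "server", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("web-2", "server", "OpenSSL 1.0.1h 5 Jun 2014"),
    ("proxy", "server", "OpenSSL 1.0.0l 6 Jan 2014"),
    ("build-box", "client", "OpenSSL 1.0.0l 6 Jan 2014"),
    ("legacy", "client", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("staging", "server", "OpenSSL 1.0.2-beta1 24 Feb 2014"),
]


def scan_inventory(inventory):
    """Map each host to its classification."""
    return {host: assess(banner, role) for host, role, banner in inventory}


if __name__ == "__main__":
    for host, status in scan_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

The classifier deliberately returns "unknown" for 0.9.8 clients because the quoted advisory line that named the fixed 0.9.8 release did not survive in this post; when using this against a real fleet, fill that entry from the vendor advisory rather than treating "unknown" as safe.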