OpenSSL security flaw could affect millions of websites, warn researchers

At least two-thirds or websites could be affected by an OpenSSL cryptographic library flaw, warn researchers

At least two-thirds of websites could be affected by an OpenSSL cryptographic library flaw dubbed Heartbleed, which attackers can exploit to steal information without a trace, warn researchers.

They say the flaw could allow attackers to monitor all data exchanged between a user and a web service or even decrypt past traffic they have collected.

The flaw compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.

“This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users,” the researchers wrote on a dedicated website.

The security flaw exists in all versions of OpenSSL released between 14 March 2012 and 7 April 2014, when the flaw was fixed with the release of OpenSSL 1.0.1g.

The vulnerable versions of OpenSSL are 1.0.1 up to and inclusive of 1.0.1f. But the OpenSSL 1.0.0 branch and 0.9.8 branch are not vulnerable.

This means millions of websites that are using affected versions of OpenSSL that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption are vulnerable to data theft.

Heartbleed is a reference to the flaw in the OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520).

It was discovered independently by researchers at security firm Codenomicon and Neel Mehta, of Google security, who first reported it to the OpenSSL team.

They say it is unclear to what extent the flaw has been exploited, but raise concerns that the vulnerability is likely to be widespread.

According to Codenomicon, the most notable software using OpenSSL is open-source web servers such as Apache and nginx.

The combined market share of these servers, out of the active sites on the internet, was reported a more than 66% in Netcraft's April 2014 Web Server Survey.

OpenSSL is also used to protect email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks, network appliances and wide variety of client side software.

Codenomicon notes that many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software.

However, smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most, the company said.

Codenomicon also notes that OpenSSL is also “very popular in client software and somewhat popular in networked appliances, which have most inertia in getting updates.”

Some operating system distributions that have shipped with potentially vulnerable OpenSSL versions include Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2, and OpenSUSE 12.2.

But Debian Squeeze (oldstable) and Suse Linux Enterprise Server are not vulnerable.

Codenomicon said the fixed version of OpenSSL should be deployed, warning that as long as the vulnerable version of OpenSSL is in use it can be abused.

The advice is to update to the just-released OpenSSL 1.0.1g immediately. If this is not possible, software developers are advised to recompile OpenSSL with the compile time option OPENSSL_NO_HEARTBEATS.

Distribution, appliance suppliers, operating system suppliers and independent software suppliers are advised to adopt the fix and notify their users.

Service providers and users are advised to install the fix as it becomes available for the operating systems, networked appliances and software they use.

Service providers are also advised to revoke compromised cryptographic keys and reissue X.509 certificates with new keys.


Read more on Privacy and data protection