CIS CYBER ALERT

DATE ISSUED:
03/06/2015

SUBJECT:
FREAK Attack: Improper Configuration of SSL/TLS

CIS recently became aware of a vulnerability in certain implementations of SSL/TLS that could allow for the disclosure of sensitive information. The vulnerability allows an attacker to intercept the HTTPS connection from vulnerable clients or servers by downgrading the connection to weaker, export-grade, 512-bit RSA keys. Once the weak key is in use, an attacker can attempt to break the cipher in order to perform a man-in-the-middle (MITM) attack. The associated attack has been nicknamed a FREAK attack.

Affected systems include Apple SecureTransport, used in both iOS and OS X; OpenSSL, for systems such as Android and Linux; and Windows Secure Channel (Schannel), for Windows Vista/7/8/Server. Various browsers such as Safari, Opera and some versions of Chrome are also affected across all operating systems, including iPhone, Android, Linux, and Windows.

A successful attack may lead to the disclosure of sensitive information and cookie-based authentication credentials, which may in turn lead to other attacks.

Recommendations:
We recommend the following actions:

  • Apply appropriate patches/updates to vulnerable systems immediately after appropriate testing when they become available.
  • For servers, immediately disable support for the RSA_Export cipher suite.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
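
One way to confirm the server-side recommendation has taken effect, as an added example that is not part of the CIS alert: a small Python probe that sends a TLS 1.0 ClientHello offering only the three RSA_EXPORT suites defined in RFC 2246 and reports whether the server selects one. The function names and the sample replies are constructed for illustration; the probe sends no SNI and reads a single response, so it checks only the server's default configuration.

```python
import os
import socket
import struct

# RSA_EXPORT cipher suite IDs from RFC 2246 (the suites servers should disable).
RSA_EXPORT = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(suites=RSA_EXPORT):
    """Build a TLS 1.0 ClientHello record that offers only the given suites."""
    ciphers = b"".join(struct.pack(">H", s) for s in suites)
    body = (b"\x03\x01" + os.urandom(32)            # client_version, random
            + b"\x00"                               # empty session id
            + struct.pack(">H", len(ciphers)) + ciphers
            + b"\x01\x00")                          # compression: null only
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

def accepted_export_suite(reply):
    """Return the RSA_EXPORT suite a ServerHello selected, or None if refused."""
    if len(reply) < 5 or reply[0] != 0x16:          # alert (0x15) or no handshake
        return None
    hs = reply[5:]
    if len(hs) < 39 or hs[0] != 0x02:               # not a ServerHello
        return None
    off = 39 + hs[38]                               # skip type, length, version, random, session id
    if len(hs) < off + 2:
        return None
    (suite,) = struct.unpack(">H", hs[off:off + 2])
    return RSA_EXPORT.get(suite)

def probe(host, port=443, timeout=5.0):
    """Connect to host:port and report any RSA_EXPORT suite it accepts."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        return accepted_export_suite(s.recv(4096))

# Constructed replies for offline checking (not captured traffic).
SAMPLE_HELLO = (b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26\x03\x01"
                + bytes(32) + b"\x00\x00\x03\x00")  # ServerHello selecting 0x0003
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"      # fatal handshake_failure
```

A return value of `None` from `probe()` means the server answered with an alert or chose no RSA_EXPORT suite; a suite name means export-grade RSA is still enabled.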

 

REFERENCES:
Threat Post:
https://threatpost.com/new-freak-attack-threatens-many-ssl-clients/111390

Microsoft:
https://technet.microsoft.com/library/security/3046015

The Register:
http://www.theregister.co.uk/2015/03/03/government_crippleware_freaks_out_tlsssl/


Tracking the FREAK Attack:
https://freakattack.com/

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1637