‘Heartbleed’ OpenSSL Bug Left HTTPS Servers Vulnerable For Two Years

Security researchers have patched a serious vulnerability in the popular OpenSSL cryptographic library that they say has left OpenSSL users exposed for the past two years.

Exploitation of the flaw, nicknamed “Heartbleed” and given the official designation CVE-2014-0160, could allow attackers to obtain the secret encryption keys that allow the decoding of material protected by OpenSSL.

What’s more, attacks targeting the flaw leave no traces, meaning that organisations have no way of knowing if they have already been attacked, the researchers said.

Advice: Act Quickly, But Don’t Panic

Heartbleed media frenzy ignores admins

Attacks leave no trace

In other words, even if organsations do everything they can to protect themselves, it’s possible, for instance, that attackers may already have obtained secret encryption keys that could enable them to access encrypted traffic that they have intercepted in the past.

“Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will,” the researchers said in a website created to spread information about the bug. “Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption.”

The bug may also have been used to discover security details such as keys, passwords and other credentials, meaning, for instance, that the account passwords on websites using vulnerable versions of OpenSSL may have been compromised.

The bug was independently discovered by three researchers from Finnish security firm Codenomicon and by Neel Mehta of Google Security. The researchers said given the fact that attacks leave no traces, they are unaware of whether the bug may already have been discovered and exploited by cyber-criminals. They called upon security researchers to deploy “honeypots” of vulnerable servers in order to detect exploitation attempts, in order to help determine whether the bug is already in the wild.

OpenSSL is the most popular open source cryptographic library and TLS implementation, being used for instance in the Apache and nginx web servers, which power about 66 percent of websites, according to Netcraft figures dating from April. The technology is used to protect email servers, chat servers, virtual private networks, network appliances and client-side software.

Programming error

The researchers said that many large consumer sites may be unaffected by the flaw due to the fact that they use SSL/TLS termination equipment and software based on older versions of OpenSSL. “Ironically, smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most,” they wrote.

The bug, which is an implementation flaw introduced by a programming error, was introduced into OpenSSL with version 1.01, which was released publicly in March 2012. OpenSSL 1.01g, released on Monday, fixes the flaw.

“The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems,” the researchers wrote. “Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.”

Makers of software that includes the flaw, such as Red Hat, SuSE, Canonical and Oracle, are currently preparing patched versions of OpenSSL. Other recovery work must be carried out by the services running OpenSSL, such as email and web services providers, according to the researchers.

It will also be up to these firms to determine how likely it is that their services may have been compromised, and thus whether it is necessary to obtain new encryption keys and to inform users that their security details may have been compromised.

“We have tested some of our own services from attacker’s perspective,” said the Codenomicon researchers. “We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”

Codenomicon said it has gone through the process of patching its own critical systems and is now dealing with the possible compromise of material such as encryption certificates, usernames and passwords. “All this just in case we were not first ones to discover this and this could have been exploited in the wild already,” the researchers said.

Members of the Tor anonymity network said the bug is likely to have broad implications for web-based security.

“Expect everybody who runs an HTTPS webserver to be scrambling today,” said Tor project leader Roger Dingledine in a blog post on Monday. “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”

CloudFlare, a web content delivery network, was one of the first to disclose the flaw publicly, in a blog post on Monday informing users that the company had fixed the bug last week. “This bug fix is a successful example of what is called responsible disclosure,” the company stated. “This model helps keep the Internet safe.”

CloudFlare has reportedly been criticised for making the bug public before patches were available to users. However, the OpenSSL project’s own public advisory on the issue was published shortly before CloudFlare’s announcement, according to Codenomicon.

Read our advice on dealing with the Heartbleed issue

How admins got left out of the Heartbleed circus

Are you a security pro? Try our quiz!