Factoring Attack on RSA-Export Keys (FREAK) (CVE-2015-0204)

One of the latest vulnerabilities receiving a lot of attention from the IT industry is the SSL/TLS vulnerability known as FREAK (Factoring Attack on RSA-Export Keys). The attack uses a man-in-the-middle (MitM) position to downgrade a secure SSL/TLS connection so that it negotiates one of the old RSA-EXPORT cipher suites, which are limited to 512-bit RSA keys and 40-bit symmetric ciphers. Using the following steps, this attack can potentially lead to the compromise of sensitive data:

  • 1. The client initiates a connection with a ClientHello message that offers standard (non-export) RSA cipher suites.
  • 2. The attacker, sitting in the path as a MitM proxy, rewrites the ClientHello so that it offers an export RSA cipher suite instead.
  • 3. If the server still supports export cipher suites, it selects one and sends a ServerKeyExchange message carrying a 512-bit export RSA key, signed with the server's certificate key. The attacker rewrites the ServerHello on its way back so the client sees the standard suite it originally asked for.
  • 4. The client accepts the 512-bit key even though the cipher suite it believes it negotiated is not an export suite, and encrypts the pre-master secret under that key. This is a client-side bug, assigned CVE-2015-0204 in OpenSSL; similar flaws existed in other TLS stacks, including Apple's Secure Transport and Microsoft's Schannel.
  • 5. The attacker factors the 512-bit RSA modulus to recover the matching private key. Many servers generate the export key once and reuse it for the lifetime of the process, so a single factorization (a matter of hours on commodity cloud compute) serves every connection to that server. With the private key, the attacker decrypts the pre-master secret from the client's ClientKeyExchange message.
  • 6. The master secret is never sent over the wire: both endpoints derive it from the pre-master secret and the handshake nonces. Having captured those nonces with the proxy and recovered the pre-master secret, the attacker derives the same master secret and session keys, and can forge the Finished messages on both sides so that neither endpoint notices the tampering.
  • 7. Using the session keys, the attacker can read all communication between the client and server. Additionally, the attacker may choose to modify or inject data into the stream to influence the remainder of the session.
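The seven steps above, played out end to end as an added example that is not part of the original page or of any of the affected TLS implementations. The RSA keys use 24-bit primes so the attacker's factoring step (Pollard's rho here, standing in for the number-field-sieve effort a real 512-bit modulus needs) runs instantly; the handshake messages are Python dicts rather than TLS records, the ServerKeyExchange signature is omitted, the pre-master secret is shortened to 4 bytes, and the TLS 1.2 PRF is used for the master secret derivation. The cipher suite names come from the page; TLS_RSA_WITH_AES_128_CBC_SHA stands for whatever non-export suite the client offered. Everything else (the rewritten ClientHello, the client accepting an RSA ServerKeyExchange under a non-export suite, the decrypted pre-master secret and the matching master secrets) is the mechanism described in the steps.

```python
# Added example: toy end-to-end FREAK walkthrough (not code from the original page).
import hashlib
import hmac
import random
from math import gcd

# Suite names from the page; STRONG_SUITE stands for any non-export RSA suite.
EXPORT_SUITE = "TLS_RSA_EXPORT_WITH_RC4_40_MD5"
STRONG_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA"


def is_prime(n):
    """Trial division; adequate for the 24-bit toy primes used here."""
    return n > 1 and all(n % i for i in range(2, int(n ** 0.5) + 1))


def gen_rsa(bits, rng):
    """Return (n, e, d) built from two `bits`-bit primes (deliberately tiny)."""
    e = 65537
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if p != q and is_prime(p) and is_prime(q) and gcd(e, (p - 1) * (q - 1)) == 1:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def pollard_rho(n, rng):
    """Pollard's rho: instant on the toy modulus; a real 512-bit key takes hours of NFS."""
    while True:
        c, x = rng.randrange(1, n), rng.randrange(2, n)
        y, d = x, 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d


def tls12_prf(secret, label, seed, length):
    """P_SHA256 from RFC 5246 section 5 (the TLS 1.2 PRF)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(premaster, client_random, server_random):
    """Derived independently by both ends; never transmitted (RFC 5246 section 8.1)."""
    return tls12_prf(premaster, b"master secret", client_random + server_random, 48)


def server_respond(client_hello, export_key, export_enabled, server_random):
    """Server picks a suite from the (possibly tampered) ClientHello. With export suites
    enabled, an export offer gets a ServerKeyExchange carrying the weak RSA key."""
    suites = client_hello["cipher_suites"]
    if EXPORT_SUITE in suites and export_enabled:
        return {"suite": EXPORT_SUITE, "server_random": server_random,
                "server_key_exchange": export_key[:2]}
    if STRONG_SUITE in suites:
        return {"suite": STRONG_SUITE, "server_random": server_random}
    raise ValueError("handshake_failure: no shared cipher suite")


def client_key_exchange(server_hello, cert_pub, premaster, patched):
    """Vulnerable client (the CVE-2015-0204 behaviour) accepts an RSA ServerKeyExchange
    under a non-export suite and encrypts the premaster under it; a patched client aborts."""
    ske = server_hello.get("server_key_exchange")
    if ske is not None and server_hello["suite"] != EXPORT_SUITE and patched:
        raise ValueError("unexpected_message: RSA ServerKeyExchange in non-export suite")
    n, e = ske if ske is not None else cert_pub
    return pow(int.from_bytes(premaster, "big"), e, n)


def run_handshake(patched_client, export_enabled=True, seed=7):
    """One attack attempt: returns each party's master secret, or why the handshake aborted."""
    rng = random.Random(seed)      # seed makes the toy keys and nonces reproducible
    cert_key = gen_rsa(24, rng)    # toy certificate key
    export_key = gen_rsa(24, rng)  # toy export key; servers typically reuse it
    client_random, server_random = (rng.getrandbits(256).to_bytes(32, "big") for _ in "cs")
    premaster = rng.getrandbits(32).to_bytes(4, "big")  # toy; real TLS uses 48 bytes
    hello = {"cipher_suites": [STRONG_SUITE]}            # 1. client offers a standard suite
    tampered = dict(hello, cipher_suites=[EXPORT_SUITE])  # 2. MitM rewrites the offer
    try:                                                 # 3. server answers, or refuses
        sh = server_respond(tampered, export_key, export_enabled, server_random)
    except ValueError as err:
        return {"aborted": str(err)}
    forwarded = dict(sh, suite=STRONG_SUITE)  # MitM restores the suite the client expects
    try:                                                 # 4. client encrypts the premaster
        enc = client_key_exchange(forwarded, cert_key[:2], premaster, patched_client)
    except ValueError as err:
        return {"aborted": str(err)}
    n, e, d_srv = export_key                             # 5. attacker factors n once
    p = pollard_rho(n, rng)
    d_att = pow(e, -1, (p - 1) * (n // p - 1))
    pms_att = pow(enc, d_att, n).to_bytes(4, "big")
    pms_srv = pow(enc, d_srv, n).to_bytes(4, "big")
    derive = lambda pms: master_secret(pms, client_random, server_random)  # 6./7.
    return {"client_master": derive(premaster), "server_master": derive(pms_srv),
            "attacker_master": derive(pms_att)}
```

run_handshake(patched_client=False) returns three identical 48-byte master secrets: the attacker's copy matches both endpoints'. With patched_client=True the client aborts at step 4, and with export_enabled=False the server refuses at step 3, which is the server-side mitigation: a server that never offers export suites cannot be downgraded even by an unpatched client.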

Mitigation Strategies

  • Disable all RSA-EXPORT cipher suites on all servers (in OpenSSL cipher-string terms, include !EXPORT). A server that never offers export suites cannot be downgraded even if its clients are unpatched.
  • Ensure your clients and servers are all updated. This includes, but is not limited to, OS patches and updates, software patches and updates, and any other scripts or programs that use SSL/TLS connections. It is critical that security professionals verify that their OS and underlying applications do not use EXPORT-grade cipher suites.
  • Verify your servers are safe using the Qualys SSL Server Test at ssllabs.com.
  • Verify your browser is safe using freakattack.com.

Examples of affected cipher suites are listed below. The DH_RSA_EXPORT and DHE_RSA_EXPORT suites use 512-bit export Diffie-Hellman rather than an export RSA key; they are weak for the same reason and should be disabled as well.

  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
  • TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
  • TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA