[openssl-users] CVE-2015-1793 only on cert-based client auth?

Colin Edwards colin.p.edwards at gmail.com
Tue Jul 14 17:23:52 UTC 2015 

Thank you, Kurt.  The information I was getting (from some sources) was that
the vulnerability was only present in configurations where the server was
authenticating a client certificate.  The fact is, the vulnerability applies
to certificate validation regardless of if it's on the client or server
side.

I'm going to assume what those sources were probably augmenting their
assessment with their own risk analysis and decided that the only place the
risk exists (not vulnerability) is in clients presenting forged certificates
in situations where client auth is implemented.  That would make sense (like
you said) if we're talking about https, because basically no browsers are
implemented using OpenSSL, so presenting a forged server cert to a client is
basically a scenario that will not happen.  But it could happen for other
apps that use OpenSSL in their comm stack, even if they are only using
server authentication.

Thanks again,
Colin Edwards
CISSP, GCIH, GCWN, GSEC, MCSE

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Kurt Roeckx
Sent: Tuesday, July 14, 2015 1:06 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] CVE-2015-1793 only on cert-based client auth?

On Mon, Jul 13, 2015 at 01:03:09PM -0400, Colin Edwards wrote:
> I've been reading/hearing different opinions on the recent 
> vulnerability for cert chain forging that was patched (CVE-2015-1793).
> 
> Some people are saying the vulnerability only exists if a system is 
> using certificate-based client authentication (mutual auth, where both 
> server and client are authenticated).  `Basically, that the chain 
> forging can only be done on the client side.
> 
> Others are saying certs can be forged on the server, on 
> implementations that use only server-side authentication, and if the 
> client is using OpenSSL it will verify/accept the forged chain.  The 
> could effectively result in MitM against OpenSSL clients.

It's whenever a certificate is received (and validated).  This means either:
- A client is authenticating a server (server authentication)
- A server is authenticating a client (client authentication)

Of course both could be happening for the same connection.

It's much more common that the client authenticates the server.
Certainly for https client authentication is uncommon.  Also, for https the
client ussually isn't OpenSSL based, except for android.


Kurt

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list