Heartbleed plugin, ready for FaasT

Thursday, April 10, 2014

There is a lot of good information about Hearbleed out there, there is little more to add. It is a extremely serious vulnerability, that has shaken the internet from the bottom up. Known as HeartbleedCVE-2014-0160, affects different versions of OpenSSL, from 1.0.1 to 1.0.1f and 1.0.2-beta1. It is fixed in 1.0.1g version.

Although media talked about 66% of affected sites, actually that is the figure corresponding to Apache and nginx market. Not all of them will use OpenSSL and, not all of them using it would be vulnerable. The problem has already been fixed in our Latch servers. By the way, we have renewed our certificates for the API connection. If you as a costumers were doing a certificate check on your side, you must update it with the new ones released yesterday

What can happen to me?

If a vulnerable version of OpenSSL is used, potentially, any user could be able to access an OpenSSL memory chunk. This means that, whatever is in memory in that moment, may be extracted by an attacker in a "clean", easy and remote way. In other words, if this extracted memory chunk contains users, passwords or session cookies or even the private key for that server (something that depends on probability and on "brute force")... this information would be exposed. Since an attacker may connect as many times as necessary, it seems serious indeed. So, the one attacked is not only the server, but its users, accounts, etc. Even depending on how SSL is configured, conversations between server and client could be retrospectively decrypted.

There are lots of scripts with proof of concepts that allow to, with just a click, attack vulnerable servers and, as a collateral effect, its users.

FaasT and Heartbleed

The Faast team has been getting with it during the last two days to adapt and create the code that checks if webs are indeed vulnerable. We already have this feature in our tool, as a plugin. FaasT tests the vulnerability with any OpenSSL used, even if its version claims to be safe.

HeartBleed real time detection, shown in FaasT vulnerabilities list

Faast features includes a way to show, as a picture, the evidence of a vulnerability exploited in a target. The evidence is shown both in the scanning report (in PDF) and the web interface.

Example of an evidence with FaasT

No comments:

Post a Comment