
Java encryption implementation error made it trivial to forge credentials

A catastrophic vulnerability in the implementation of certain encryption operations in Java JDK makes it easy for attackers to forge counterfeit credentials.

The cryptographic weakness – which affects Java JDK versions 15 and later – was addressed by Oracle with an update released as part of its regular quarterly patch batch on Tuesday (April 19).

Both Oracle Java and OpenJDK need updating because of flaws that involve the implementation of widely-used ECDSA (Elliptic Curve Digital Signature Algorithm) signatures.

The whole problem stemmed from a coding error rather than a problem with the underlying encryption technology.

Left unaddressed, the flaws make it possible for an attacker to forge some types of SSL certificates and handshakes – opening the door to manipulator-in-the-middle attacks.

Signed JWTs, SAML assertions, WebAuthn authentication messages, and more can all be easily hacked because of the cryptographic blunder, security researcher Neil Madden warns.

“It’s hard to overstate the severity of this bug,” Madden, a security architect at ForgeRock, explains in a technical blog post on the issue.

“If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU).”

Psychic paper

Java has supported ECDSA, a widely used standard for signing all kinds of digital documents, for some years. The mistake came with the rewrite of the EC code from native C++ code to Java as part of the Java 15 release, as Madden explains:

“Java’s implementation of ECDSA signature verification didn’t check if r or s [values related to an ECDSA signature] were zero, so you could produce a signature value in which they are both 0 (appropriately encoded) and Java would accept it as a valid signature for any message and for any public key. The digital equivalent of a blank ID card.”

Madden compares this blank ID card concept to the psychic paper in sci-fi series Doctor Who, which is used by the titular character to fool people into co-operating.

Fraught disclosure

Madden and his colleagues at identity and access management firm ForgeRock discovered the flaw last November, at which point they reported it to Oracle and other Java developers. The subsequent disclosure process was less than ideal.

“I was disappointed in the disclosure process,” Madden told The Daily Swig. “I reported to OpenJDK alias and then ended up in Oracle black hole.”

“To be fair, they did respond reasonably quickly to emails, but always with bare minimum response and I wasn’t given any details on the fix until it landed in the OpenJDK GitHub backport repos.”

Conflicting scores

In its release notes, Oracle grades the vulnerability with a CVSS score of only 7.5. ForgeRock, by contrast, rates the vulnerability’s score as 10.

According to Madden, the industry dodged a bullet. “I’m surprised it [wasn’t] found and exploited, but maybe that says more about how entrenched Java 8 still is!”

“Most people consider public key signature schemes to be super-secure, but in reality, these kind of implementation bugs are not uncommon.

“For me, one of the most disturbing aspects of looking at this was realising how the WebAuthn/FIDO [Fast Identity Online – an authentication technology] ecosystem is basically a monoculture around ECDSA P-256 signatures at this point,” Madden concluded.

Assessment of the seriousness of the bug was backed up by industry luminary Thomas H Ptacek, who described it on Twitter as the “crypto bug of the year”.

Source: https://portswigger.net/daily-swig/java-encryption-implementation-error-made-it-trivial-to-forge-credentials
