According to a security advisory published by OpenSSL, there are high-severity security flaws in the software toolkit that could be exploited to bypass certificate verification and even carry out denial-of-service (DoS) attacks. Among the flaws is one tracked as CVE-2021-3450, which prevents applications from rejecting TLS certificates that are not digitally signed by a trusted certificate authority (CA).
The second flaw, tracked as CVE-2021-3449, is a potential denial-of-service (DoS) vulnerability caused by a NULL pointer dereference: during renegotiation, a TLS server can be made to crash when the client transmits a malicious "ClientHello" message in the handshake.
How could the OpenSSL flaws be exploited to bypass certificate verification and for DoS attacks?
If an OpenSSL TLS server is sent a maliciously crafted renegotiation ClientHello message, and that TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, a NULL pointer dereference results.
The NULL pointer dereference can then lead to a crash and a denial of service (DoS). The server is only vulnerable if it is running TLSv1.2 and has renegotiation enabled; OpenSSL TLS clients are not affected by this security issue.
For the certificate verification bypass to be possible, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.
The flaw prevents applications from rejecting TLS certificates that are not digitally signed by a trusted certificate authority (CA), and it affects OpenSSL 1.1.1 versions, including OpenSSL 1.1.1h and newer.
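Two practical follow-ups to the description of both flaws above, as an added example that is not part of the original article or of the OpenSSL project: a small triage helper that parses `openssl version` output (the sample lines are constructed) and flags any 1.1.1-series build older than 1.1.1k, the release the article names as carrying the fixes, plus a server-side SSLContext that refuses TLS renegotiation, which removes the renegotiation ClientHello path CVE-2021-3449 depends on while the upgrade is rolled out. The version rule is deliberately coarse (any 1.1.1 build before 1.1.1k) rather than encoding per-CVE ranges, and it does not touch the X509_STRICT/purpose settings that make CVE-2021-3450 reachable.

```python
import re
import ssl

# Constructed sample of `openssl version` output as it might be collected
# from a fleet inventory (not real hosts).
SAMPLE_VERSION_LINES = [
    "OpenSSL 1.1.1j  16 Feb 2021",
    "OpenSSL 1.1.1k  25 Mar 2021",
    "OpenSSL 1.0.2u  20 Dec 2019",
    "OpenSSL 3.0.2 15 Mar 2022",
]

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")

# 1.1.1k encoded the way ssl.OPENSSL_VERSION_INFO encodes it: patch letter k -> 11.
FIXED_IN = (1, 1, 1, 11)


def parse_openssl_version(line):
    """Turn one `openssl version` line into (major, minor, fix, patch).

    The patch letter maps a=1 ... z=26 and is 0 when absent, which matches
    the first four fields of ssl.OPENSSL_VERSION_INFO.
    """
    m = _VERSION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {line!r}")
    major, minor, fix, letter = m.groups()
    patch = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), int(fix), patch)


def needs_1_1_1k_update(version):
    """True for a 1.1.1-series build older than 1.1.1k, the release that
    ships the fixes for CVE-2021-3449 and CVE-2021-3450."""
    major, minor, fix, patch = version[:4]
    return (major, minor, fix) == FIXED_IN[:3] and patch < FIXED_IN[3]


def runtime_needs_update():
    """Apply the same rule to the OpenSSL this interpreter is linked against."""
    return needs_1_1_1k_update(ssl.OPENSSL_VERSION_INFO)


def hardened_server_context():
    """Server-side SSLContext that refuses renegotiation.

    CVE-2021-3449 is only reachable through a TLSv1.2 renegotiation
    ClientHello, so refusing renegotiation closes that path until the
    library itself is updated. Certificates/keys are loaded by the caller.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OP_NO_RENEGOTIATION is exposed by Python 3.7+ built against OpenSSL >= 1.1.0h.
    if hasattr(ssl, "OP_NO_RENEGOTIATION"):
        ctx.options |= ssl.OP_NO_RENEGOTIATION
    return ctx


def renegotiation_disabled(ctx):
    """True when the context has renegotiation switched off (or the linked
    OpenSSL predates the option, in which case it cannot be set at all)."""
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    return flag is None or bool(ctx.options & flag)


if __name__ == "__main__":
    for line in SAMPLE_VERSION_LINES:
        v = parse_openssl_version(line)
        print(f"{line:32} -> {v}  update to 1.1.1k needed: {needs_1_1_1k_update(v)}")
    print("runtime:", ssl.OPENSSL_VERSION, "update needed:", runtime_needs_update())
    print("renegotiation disabled:", renegotiation_disabled(hardened_server_context()))
```

The triage rule is intentionally a floor, not a precise affected-range table: a host on 1.1.1j is flagged, 1.1.1k and the 1.0.2 and 3.x series are not. Disabling renegotiation is a compensating control only; the article's actual remediation is the move to 1.1.1k.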
How to mitigate the OpenSSL flaws
The maintainers of OpenSSL promptly released patches for the high-severity security flaws after the vulnerabilities were discovered by Xiang Ding and others at Akamai; the fix was published on GitHub by Tomáš Mráz, a former Red Hat principal software engineer and OpenSSL developer.
The fixes for the vulnerabilities are available in the updated release, OpenSSL 1.1.1k, published on Thursday. Applications that rely on a vulnerable version of OpenSSL are therefore advised to apply the update in order to mitigate the risks.