Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Weakness ID: 593 (Weakness Variant)Status: Draft
+ Description

Description Summary

The software modifies the SSL context after connection creation has begun.

Extended Description

If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Common Consequences
ScopeEffect
Authentication

No authentication takes place in this process, bypassing an assumed protection of encryption.

Confidentiality

The encrypted communication between a user and a trusted host may be subject to a "man in the middle" sniffing attack.

+ Demonstrative Examples

Example 1

(Bad Code)
Example Language:
#define CERT "secret.pem"
#define CERT2 "secret2.pem"

int main(){
SSL_CTX *ctx;
SSL *ssl;
init_OpenSSL();
seed_prng();

ctx = SSL_CTX_new(SSLv23_method());

if (SSL_CTX_use_certificate_chain_file(ctx, CERT) != 1)
int_error("Error loading certificate from file");

if (SSL_CTX_use_PrivateKey_file(ctx, CERT, SSL_FILETYPE_PEM) != 1)
int_error("Error loading private key from file");

if (!(ssl = SSL_new(ctx)))
int_error("Error creating an SSL context");

if ( SSL_CTX_set_default_passwd_cb(ctx, "new default password" != 1))
int_error("Doing something which is dangerous to do anyways");

if (!(ssl2 = SSL_new(ctx)))
int_error("Error creating an SSL context");
}
+ Potential Mitigations

Phase: Architecture and Design

Use a language which provides a cryptography framework at a higher level of abstraction.

Phase: Implementation

Most SSL_CTX functions have SSL counterparts that act on SSL-type objects.

Phase: Implementation

Applications should set up an SSL_CTX completely, before creating SSL objects from it.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class592Authentication Bypass Issues
Development Concepts (primary)699
Research Concepts1000
ChildOfWeakness BaseWeakness Base666Operation on Resource in Wrong Phase of Lifetime
Research Concepts (primary)1000
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
94Man in the Middle Attack
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Common Consequences, Relationships, Other Notes
2009-07-27CWE Content TeamMITREInternal
updated Description, Other Notes, Potential Mitigations
Back to top