
FREAK SSL MITM (CVE-2015-0204)

Jaden.. 2020. 4. 6. 08:42

How to check for the vulnerability
If an alert handshake failure comes back as the response, the server is OK.
If a Certificate chain comes back, the server is vulnerable.

openssl s_client -connect www.xxx.com:443 -cipher EXPORT


openssl s_client -connect www.xxxx.kr:443 -cipher EXPORT
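The check above can be scripted so the verdict does not depend on reading the output by eye. This is an added example, not part of the original post: the function names `classify_export_probe` and `probe_host` are hypothetical, the sample outputs are constructed, and it assumes that an OpenSSL build with no EXPORT suites compiled in reports "no cipher match" without contacting the server, which must be treated as inconclusive rather than OK.

```shell
#!/bin/sh
# Classify text produced by: openssl s_client -connect HOST:443 -cipher EXPORT
# Reads the captured output on stdin and prints one verdict word.
classify_export_probe() {
    out=$(cat)
    # Assumption: a local openssl without EXPORT suites prints "no cipher match"
    # and never sends a ClientHello, so the server was not actually tested.
    if printf '%s\n' "$out" | grep -qi 'no cipher match'; then
        echo inconclusive
    # A certificate chain came back: the server accepted an EXPORT suite.
    elif printf '%s\n' "$out" | grep -q '^Certificate chain'; then
        echo vulnerable
    # The server refused every offered EXPORT suite with a fatal alert.
    elif printf '%s\n' "$out" | grep -q 'alert handshake failure'; then
        echo ok
    # Timeouts, resets and anything else prove nothing either way.
    else
        echo inconclusive
    fi
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_REFUSED='CONNECTED(00000003)
140735:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:
---
no peer certificate available
---'
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Test CA
---
New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA'
SAMPLE_NO_EXPORT='Error with command: "-cipher EXPORT"
140:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:'
SAMPLE_TIMEOUT='connect: Connection timed out
connect:errno=110'

# probe_host HOST:PORT runs the command from the post and classifies the result.
probe_host() {
    openssl s_client -connect "$1" -cipher EXPORT </dev/null 2>&1 | classify_export_probe
}
```

Run `probe_host` only against servers you administer, for example `probe_host www.example.test:443`, and repeat any `inconclusive` result from a host whose openssl still ships EXPORT suites.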



While your question, why are there so many servers offering export ciphersuites, is valid, your description of the problem is in error. FREAK is:
- a class of client-side bugs
- exploitable due to server-side configuration.

The vulnerable devices you list are not configured to use export-grade ciphersuites, but they can be tricked into using export-grade key lengths with standard ("full-strength") ciphersuites. The scenario works like this:
1. Vulnerable client sends plaintext ClientHello message containing supported ciphersuites, none of which is EXPORT.
2. Attacker intercepts the ClientHello and replaces the ciphersuites with EXPORT ones.
3. The server selects one of the EXPORT ciphersuites and responds with the reduced-length export key. If the server is not configured to use EXPORT ciphersuites, then it issues a fatal alert instead, and the connection stops.
4. The attacker modifies the ServerHello response to replace the EXPORT ciphersuite with the non-export version, but leaves the weak key alone.
5. Because of the bug, the client accepts the export key and negotiates a weakened TLS connection.

There are obviously more subtleties involved, and Matthew Green does a great job of explaining them, but these are the basic facts.

Reference URLs
http://security.stackexchange.com/
http://macnews.tistory.com/3114