VN 2015 003 Freak - Factoring Attack on RSA-Export Keys


Vulnerability Notice

 
Vulnerability Summary
Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export grade ciphers. An attacker able to act as a Man-in-The-Middle (MiTM) could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS traffic. This issue has been dubbed the “FREAK” (Factoring Attack on RSA-EXPORT Keys) attack.  
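
The client-side check whose absence the summary describes, as an added example (not code from Extreme Networks or OpenSSL): it parses a server handshake flight and flags a temporary RSA key sent for a non-export RSA suite. The cipher-suite id sets, function names and sample flight below are assumptions constructed for illustration.

```python
import struct

# Assumed subset of IANA cipher-suite ids, chosen for this illustration.
RSA_EXPORT = {0x0003, 0x0006, 0x0008}                 # TLS_RSA_EXPORT_WITH_*
RSA_PLAIN = {0x0004, 0x0005, 0x000A, 0x002F, 0x0035}  # TLS_RSA_WITH_*

def handshake_messages(stream):
    """Yield (msg_type, body) from a run of TLS records."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == 22:                       # handshake content type
            buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    pos = 0
    while pos + 4 <= len(buf):
        mlen = int.from_bytes(buf[pos + 1:pos + 4], "big")
        yield buf[pos], buf[pos + 4:pos + 4 + mlen]
        pos += 4 + mlen

def check_server_flight(stream):
    """Return findings for one server handshake flight."""
    suite, findings = None, []
    for mtype, body in handshake_messages(stream):
        if mtype == 2:    # ServerHello: version(2) random(32) sid suite(2)
            sid_len = body[34]
            suite = int.from_bytes(body[35 + sid_len:37 + sid_len], "big")
            if suite in RSA_EXPORT:
                findings.append("export-grade suite 0x%04x selected" % suite)
        elif mtype == 12 and suite in RSA_PLAIN:
            # ServerKeyExchange starts with ServerRSAParams: modulus<2-byte len>
            mod_len = int.from_bytes(body[:2], "big")
            bits = int.from_bytes(body[2:2 + mod_len], "big").bit_length()
            findings.append("temporary %d-bit RSA key offered for non-export "
                            "suite 0x%04x; client must reject" % (bits, suite))
    return findings

def build_flight(suite, temp_modulus=None):
    """Constructed sample input: ServerHello plus optional ServerKeyExchange."""
    def hs(mtype, body):
        return bytes([mtype]) + len(body).to_bytes(3, "big") + body
    hello = b"\x03\x01" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    payload = hs(2, hello)
    if temp_modulus is not None:
        m = temp_modulus.to_bytes((temp_modulus.bit_length() + 7) // 8, "big")
        params = len(m).to_bytes(2, "big") + m + b"\x00\x03\x01\x00\x01"
        payload += hs(12, params + b"\x00\x00")   # empty placeholder signature
    return b"\x16\x03\x01" + len(payload).to_bytes(2, "big") + payload

FAKE_N = (1 << 511) | 1   # constructed 512-bit value, not a real key
```

Calling check_server_flight(build_flight(0x002F, FAKE_N)) returns one finding, while the same suite without a ServerKeyExchange returns none.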

Background (From CVE Project)
CVE-2015-0204
Published: March 3, 2015
CVSS Severity: 5.0

Impact
Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack.
 
Products Potentially Affected
The following is the vulnerability status of the software products supported by Extreme Networks for this issue:
 
ExtremeXOS (all products) | No
A, B, C, D, G, I and 800 Series Fixed Switches | No
ExtremeWare | No
IDS/IPS | No
IdentiFi Wireless | Fixed
NAC | Fixed
NetSight | No
Purview | No
Ridgeline | No
Router N, K, SSA, and S Modular Switches | No
Security Information & Event Manager | Investigating
Summit WM3000 Series | Yes (See Impact Details)
X-Series Secure Core Router | Yes (See Impact Details)
XSR (X-Pedition Security Router) | No


 
 
 
Impact Details
ExtremeXOS (all products)
  • Vulnerable: No
  • Vulnerable Component: None
  • Describe conditions when component Vulnerability occurs (why/when/how): None
  • Product version(s) affected:  EXOS currently uses OpenSSL version 1.0.1j in all the active releases. However EXOS does not use any of the SSL EXPORT ciphers, which are vulnerable to FREAK.
  • Workaround: NA
  • Target Fix Release: NA
  • Target Month for Fix Release: NA
NOTE: EXOS was previously reported as ‘vulnerable’. Upon further investigation, it was found that EXOS does not use any of the SSL EXPORT ciphers, which are vulnerable. Thus EXOS is not vulnerable to the FREAK attack.

A, B, C, D, G, I and 800 Series Fixed Switches
  • Vulnerable: No 
  • Applies only to client-code based on OpenSSL
ExtremeWare
  • Vulnerable: No
  • Vulnerable Component: NA

IDS/IPS
  • Vulnerable: No
  • A vulnerable version of OpenSSL is shipped on appliances prior to version 8.3 MR1, but the ciphers used by the web server and JMS are limited to not include any of the susceptible ciphers.
IdentiFi Wireless
  • Vulnerable: Yes  (C25, C4110, C5110, C5210, V2110 only)
  • The IdentiFi wireless line of controllers is vulnerable to CVE-2015-0204 although the risk is very small. The controller has some SSL clients (like curl) that do not contain the patch. Since these clients are only used to communicate with known file and management servers the risk of a hack is low.
  • The IdentiFi wireless line of controllers include a web server that can accept requests for export-grade cipher suites. Customers can disable the use of export grade encryption by disabling the "Enable Weak Ciphers" option (on the "Secure Connections" page of the controller module of the wireless controller GUI).
  • Vulnerable Component: cURL web client
  • Describe conditions when component vulnerability occurs (why/when/how): The cURL client is used to transfer some files to external web sites. The administrator must configure the controller to push files to the external web site and must explicitly configure the web site address. Consequently the risk of MITM is low.
  • Product version(s) affected: All minor releases of release 9.0
  • Workaround: One option is to temporarily disable Location Batch Reporting on the controller. Alternatively, ensure that the server location (where reports are being pushed to) has disabled export-grade cipher suites.
  • Fixed In: 9.21.01
  • Vulnerable: No (AP2600, AP3600, AP3700 & AP3800 series only)
  • The IdentiFi wireless line of APs (AP2600 series, AP3600 series, AP3700 series, and AP3800 series) are not vulnerable to CVE-2015-0204.  None of the currently supported models of AP run web servers so they do not contribute to the vulnerability by permitting the use of export-grade ciphers.
NAC
  • Vulnerable: Yes (Only RADIUS)
  • FREAK is the name of the OpenSSL issue (CVE-2015-0204); SKIP-TLS (CVE-2014-6593) is the name of the Java issue: https://www.nccgroup.com/en/blog/2015/03/smack-skip-tls-and-freak-ssltls-vulnerabilities/
  • Both versions we ship are vulnerable.  OpenSSL is used for NAC's TLS processing for RADIUS, so that is an issue. Java is used for the web server SSL socket and JMS SSL socket, but we lock down the ciphers to only allow: 
  • For the NAC web server (HTTPS):
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_MD5
  • For JMS:
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • Vulnerable Component:  NAC RADIUS Engine
  • Describe conditions when component Vulnerability occurs (why/when/how): RADIUS: EAP-TLS, PEAP and EAP-TTLS use the default cipher list for the OS and have the OpenSSL vulnerability.
  • Product version(s) affected:  NAC 4.x, 5.x, 6.x both 32bit and 64bit appliances
  • Workaround:  N/A
  • Fixed In:  6.3.0
NetSight
  • Vulnerable: No
  • FREAK is the name of the OpenSSL issue (CVE-2015-0204); SKIP-TLS (CVE-2014-6593) is the name of the Java issue: https://www.nccgroup.com/en/blog/2015/03/smack-skip-tls-and-freak-ssltls-vulnerabilities/
  • Both versions we ship are vulnerable. OpenSSL is not used on Purview for the web server so that is not an issue. Java is used for the web server SSL socket and JMS SSL socket, but we lock down the ciphers to only allow:
  • For the NetSight web server (HTTPS):
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • For JMS:
  • TLS_RSA_WITH_AES_128_CBC_SHA
Purview
  • Vulnerable: No
  • FREAK is the name of the OpenSSL issue (CVE-2015-0204); SKIP-TLS (CVE-2014-6593) is the name of the Java issue: https://www.nccgroup.com/en/blog/2015/03/smack-skip-tls-and-freak-ssltls-vulnerabilities/
  • Both versions we ship are vulnerable. OpenSSL is not used on Purview for the web server so that is not an issue. Java is used for the web server SSL socket and JMS SSL socket, but we lock down the ciphers to only allow:
  • For the Purview web server (HTTPS) we limit the ciphers to:
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • For JMS:
  • TLS_RSA_WITH_AES_128_CBC_SHA 
Ridgeline
  • Vulnerable: No
  • FREAK (CVE-2015-0204): Exists only in OpenSSL. Ridgeline doesn't use OpenSSL. So Ridgeline is not vulnerable.
 
SKIP-TLS (CVE-2014-6593): Vulnerability exists in Java which ships with J2SE 7u72, 8u25 and before - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Ridgeline 4.0 uses JRE 7u45, so it is vulnerable to SKIP-TLS.
 
 
Ridgeline 4.0 uses Java for the web server SSL socket. It has been locked to use the following ciphers:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

Router N, K, SSA, and S Modular Switches
  • Vulnerable: No  
  • Does not use SSL
Security Information & Event Manager
  • Vulnerable: TBD
Summit WM3000 Series
  • Vulnerable: Yes
  • Vulnerable Component:  SSL
  • Describe conditions when component Vulnerability occurs (why/when/how):  Primarily affects clients, but under conditions described by CVE-2015-0204
  • Product version(s) affected:  All
  • Workaround: N/A
  • Target Fix Release:  TBD
  • Target Month for Fix Release:  TBD
X-Series Secure Core Router
  • Vulnerable: Yes
  • Vulnerable Component: SSH, remote file copies
  • Describe conditions when component Vulnerability occurs (why/when/how): This vulnerability occurs when a man-in-the-middle attacker can fool a client and server into selecting weak export keys. (US law once regulated cryptography as munitions and prohibited unrestricted export of stronger keys.) It is now possible to crack such keys in about 7 hours, for $100 on commercial cloud computing services. On the X-Series, FREAK attacks could compromise the security of SSH-based CLI logins (which security-conscious users should already be using in preference to Telnet-based ones).
  • Product version(s) affected: All active X-Series releases use a vulnerable OpenSSL version. 
  • Workaround: 
  • Target Fix Release: TBD
  • Target Month for Fix Release: TBD
 
XSR (X-Pedition Security Router)
  • Vulnerable: No
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the setup of the computer network and how the local IT team wants to address the situation. Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network. 
Update the software, identified in this Notice, in your Extreme Networks products by replacing it with the latest releases from Extreme Networks including those listed above. 

Firmware and software can be downloaded from www.extremenetworks.com/support


Additional Information 
https://freakattack.com/
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks.

Revision History

Rev. No. | Date Modified | Description / Milestone
1.0 | 20-Mar-15 | First release
2.0 | 23-Mar-15 | Update NAC, NetSight, Purview, Router N, K, SSA
3.0 | 23-Mar-15 | EXOS
4.0 | 29-Mar-15 | Update NAC Target Fix Release and Target Month
5.0 | 07-Apr-15 | Updated EXOS, X-Series and E Ware status
6.0 | 08-Apr-15 | Update Ridgeline
7.0 | 30-Jun-15 | Update Summit WM3000 Series
8.0 | 12-Aug-15 | Update XSR (X-Pedition Security Router)
   
This notice was imported into GTAC Knowledge on 13-Jan-2016.  
