Imperva Security Response to OpenSSL and TLS/RC4 Vulnerabilities
- Some versions of OpenSSL are vulnerable to an assortment of attacks and should be patched.
- RC4 in TLS is vulnerable to Man in the Middle (MITM) attacks and should not be used with TLS.
- Two high-severity OpenSSL-related threats have recently been identified, CVE-2015-0291 which can theoretically create opportunities for DoS attacks against a server, and CVE-2015-0204 in which an attacker could theoretically force a user and server to downgrade to a set of export ciphers which are weak and outdated. Initial investigation shows that SecureSphere components are not vulnerable to these CVEs. Investigation continues; if status changes, this article will be updated.
- In addition, nine moderate-severity threats have been identified. Initial investigation shows that SecureSphere components are not vulnerable to these CVEs either. Investigation continues; if status changes, this article will be updated.
- Finally, over the years several significant vulnerabilities have been discovered in the RC4 mode of the SSL protocol. In 2013 an analysis of the RC4 mode specifically was published which showed how to mount an attack that recovers data transmitted over an SSL/RC4 connection, and as recently as last week a new attack was published. Imperva has made recommendations below regarding how customers can best address these.
- For Imperva customers using SecureSphere in KRP mode:
- Both of the high-severity threats and all nine moderate-severity threats are protected by SecureSphere.
- Imperva recommends these customers configure SecureSphere so as to avoid using weak ciphers such as export ciphers or RC4.
For Imperva customers using SecureSphere in Bridge or Sniffing mode:
- Some attack vectors are not detected by SecureSphere, including the two high-severity threats. In these cases, the risk of the threats to a protected application depends upon the way that application uses OpenSSL and the OpenSSL version.
- Imperva recommends that all potentially affected applications immediately be patched with OpenSSL patches (0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a). Given the large number of new attack vectors, customers should not wait for results of an analysis of which applications may or may not be affected.
- Imperva also recommends customers remove weak ciphers and weak protocol versions (such as SSL2.0 and SSL3.0) from the SSL list. Two of the threats are downgrade threats and may be eliminated by doing so.
Technical details of how to disable the RC4 cipher on SecureSphere Web Application Firewall gateways are available in the Imperva Knowledge Base.