Technical Alert: OpenSSL Heartbleed Vulnerability
The information below was sent to U-M IT security and IT support groups the evening of April 9, 2014.
Summary
A vulnerability in OpenSSL could allow an attacker to expose memory contents from a server, which could result in exposure of sensitive information such as usernames, passwords, session IDs, and secret keys used for encryption.
Problem
Exploit code for the OpenSSL “heartbleed” vulnerability has been made publicly available. Any service using a vulnerable version of OpenSSL is very likely susceptible to attack.
Threats
Exploit code is publicly available. IIA has confirmed that the exploit code is able to extract server memory contents from vulnerable hosts.
Affected Systems
Any network service using OpenSSL versions 1.0.1 through 1.0.1f is vulnerable unless the heartbeat functionality is disabled when the software is compiled. OpenSSL 1.0.2-beta is also vulnerable. OpenSSL 1.0.0 and OpenSSL 0.9.8 are not vulnerable. Web servers that support SSL can be vulnerable, as can other services such as LDAP, IMAP, and VPNs.
Detection
Campus units may submit requests to IIA ([email protected]) for testing of specific systems for the OpenSSL vulnerability. Please include the system’s IP address in your scan request. If your unit has vendor products that use OpenSSL, please check with the vendors to find out if those products are vulnerable.
Action Items
IIA is continuing to scan campus networks and monitor network activity related to the OpenSSL vulnerability. IIA is contacting affected units when vulnerable services are detected.
System administrators should test systems for the Heartbleed vulnerability and update vulnerable systems. It is possible to mitigate this vulnerability by recompiling vulnerable software with the -DOPENSSL_NO_HEARTBEATS option if upgrading to OpenSSL 1.0.1g is not a preferred solution.
After fixing vulnerable software, units should replace SSL certificates that were in use on vulnerable systems.
IIA recommends that units consider implementing Perfect Forward Secrecy to reduce the amount of harm that can be caused by exposure of private keys.
Technical Details
In December 2011, a missing bounds check was introduced into the implementation of the TLS/DTLS heartbeat functionality in version 1.0.1 of OpenSSL, which was released publicly in March 2012. This can allow a remote attacker to obtain up to 64KB of data from process memory. This attack can be repeated in order to obtain enough memory contents to retrieve the intended secrets. The bug was fixed in version 1.0.1g of OpenSSL, which was released on April 7, 2014.
Information for Users
Please advise users not to do anything immediately. Users should wait a few days to allow sites time to apply patches. After waiting, users should change their passwords for any websites or other services that may have been vulnerable. Let them know that this only affects sites where the URL begins with https. Users can reference http://filippo.io/Heartbleed/ to check whether a particular site is still vulnerable and it is not yet safe to change passwords for that site. Remind users that they should not use their UMICH password with any non-university service.
ITS recommends that users change their UMICH passwords twice a year. Users should be asked to change their UMICH passwords in a few days if they have not done so recently. You can refer them to Choosing and Changing a Secure UMICH Password for instructions. Please mention that they may need to set aside a little time to do this as they may need to update saved passwords for their mobile devices.
Questions, Concerns, Reports
Please contact [email protected].