Yesterday the OpenSSL team released fixes for a handful of freshly discovered vulnerabilities. Top on the list is an interesting flaw in which a man-in-the-middle attacker could compromise the confidentiality and integrity of communication between two vulnerable OpenSSL endpoints.
Many have been quick to label this vulnerability as Heartbleed 2.0 but an investigation of the specific vulnerability confirms that this is (mostly) much ado about nothing. The code in question contains a flaw in which OpenSSL will process a change cipher spec (CCS) message and generate key material at an inappropriate time.
Specifically the early CCS triggers OpenSSL to generate key material before a master secret has been established. This yields a predictable key which can be calculated by the attacker.
If the server is using OpenSSL 1.0.1 or later, the attacker can relay a finished message from the server to the client and the two parties will proceed communicating with a compromised key. Adam Langley has already done a great job of writing this up on his blog so rather than repeat that work, I have prepared a Python based detection script for CVE-2014-0224.
This script is designed to recognize when an SSL server does not actively reject an early CCS message. This behavior is indicative of whether an OpenSSL library has been patched to enforce the proper message order.
Although servers with unpatched OpenSSL prior to 1.0.1 are unlikely to be exploited in this manner, Tripwire VERT and the OpenSSL team encourage users to update all systems running affected versions of OpenSSL.
This script is designed for detection of vulnerable servers in a wide range of configurations. It attempts to negotiate using each affected protocol version (SSLv3, TLSv1, TLSv1.1, and TLSv1.2) advertising a comprehensive set of ciphers.
This offline tool is not supported and is provided for informational purposes only.
This tool uses Python – license information is available here: https://opensource.org/licenses/Python-2.0