Vulnerability in TLS allowing key determination for connections based on DH ciphers

Information has been disclosed about a new vulnerability (CVE-2020-1968) in the TLS protocol, codenamed Raccoon, which in rare circumstances allows determination of the primary (pre-master) key, which can be used to decrypt TLS connections, including HTTPS, when transit traffic is intercepted (MITM). It is noted that the attack is very difficult to carry out in practice and is largely theoretical. Carrying it out requires a specific TLS server configuration and the ability to measure the server's processing time very precisely.

The problem is present directly in the TLS specification and affects only connections that use ciphers based on the DH key exchange protocol (Diffie-Hellman, "TLS_DH_*"). With ECDH ciphers the problem does not occur and they remain secure. Only TLS protocols up to version 1.2 are vulnerable; TLS 1.3 is not affected by the problem. The vulnerability manifests in TLS implementations that reuse the DH secret key across different TLS connections (this behaviour is seen on approximately 4.4% of Alexa Top 1M servers).

In OpenSSL 1.0.2e and earlier releases, the primary DH key is reused across all server connections unless the SSL_OP_SINGLE_DH_USE option is set explicitly. Since OpenSSL 1.0.2f, the primary DH key is reused only when static DH ciphers are used ("DH-*", e.g. "DH-RSA-AES256-SHA"). The vulnerability does not appear in OpenSSL 1.1.1, since this branch does not use a primary DH key and does not use DH ciphers.

When the DH key exchange method is used, both sides of the connection generate random private keys (hereafter key "a" and key "b"), from which the public keys (g^a mod p and g^b mod p) are computed and sent. After each party has received the public keys, the shared primary key (g^ab mod p) is computed, and it is used to generate the session keys. The Raccoon attack allows the primary key to be determined through side-channel analysis, based on the fact that the TLS specifications up to version 1.2 require all leading null bytes of the primary key to be discarded before the computations that involve it.

The truncated primary key is then passed to the session key generation function, which is built on hash functions that take different amounts of time when processing different data. Accurately measuring the timing of the key operations performed by the server allows an attacker to identify clues (an oracle) that make it possible to judge whether or not the primary key starts with zero. For example, an attacker can intercept the public key (g^a) sent by the client, retransmit it to the server, and determine whether the resulting primary key starts with zero.
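
The encoding difference behind this oracle, as an added example that is not part of the original article: toy DH over a constructed 127-bit prime (far too small for real use; `P`, `G` and all function names are assumptions), comparing the TLS 1.2 rule of stripping leading zero bytes with left-padding the shared value to the size of p, as TLS 1.3 does.

```python
import secrets

# Constructed toy parameters, for illustration only (not a real TLS group).
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8   # 16 bytes


def dh_shared(priv, peer_pub):
    """Shared DH value g^(ab) mod p computed by one side."""
    return pow(peer_pub, priv, P)


def premaster_tls12(shared):
    """TLS <= 1.2 (RFC 5246, 8.1.2): leading zero bytes are stripped."""
    return shared.to_bytes(P_LEN, "big").lstrip(b"\x00")


def premaster_padded(shared):
    """TLS 1.3 (RFC 8446, 7.4.1): left-padded with zeros to the size of p."""
    return shared.to_bytes(P_LEN, "big")


def length_profile(server_priv, client_pubs, encode):
    """Histogram of the premaster lengths the server's KDF would receive."""
    profile = {}
    for pub in client_pubs:
        n = len(encode(dh_shared(server_priv, pub)))
        profile[n] = profile.get(n, 0) + 1
    return profile


def demo(trials=5000):
    """One reused server key (the risky setup) against many client keys."""
    static_b = secrets.randbelow(P - 2) + 1
    pubs = [pow(G, secrets.randbelow(P - 2) + 1, P) for _ in range(trials)]
    stripped = length_profile(static_b, pubs, premaster_tls12)
    padded = length_profile(static_b, pubs, premaster_padded)
    return stripped, padded


if __name__ == "__main__":
    stripped, padded = demo()
    print("TLS 1.2 style lengths:", dict(sorted(stripped.items())))
    print("padded lengths:       ", padded)
```

With stripping, the KDF input length depends on the secret value, which is what timing can expose; with padding every input has the same length.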

By itself, determining one byte of the key gives nothing, but by intercepting the "g^a" value transmitted by the client during connection negotiation, the attacker can generate a set of other values related to "g^a" and send them to the server in separate connection negotiation sessions. By generating and sending "g^(r_i) * g^a" values, the attacker can, by analysing changes in the delays of the server's responses, determine the values that lead to primary keys starting with zero. Having determined such values, the attacker can construct a set of equations for solving the hidden number problem and compute the original primary key.

OpenSSL assigned the vulnerability a low severity level, and the fix in release 1.0.2w was reduced to moving the problematic "TLS_DH_*" ciphers into the category of ciphers with an insufficient level of protection ("weak-ssl-ciphers"), which is disabled by default. The Mozilla developers did the same, disabling the DH and DHE cipher suites in the NSS library used in Firefox. As of Firefox 78, the problematic ciphers are disabled. Chrome support for DH was discontinued back in 2016. The BearSSL, BoringSSL, Botan, Mbed TLS and s2n libraries are not affected by the problem because they do not support DH ciphers or the static variants of DH ciphers.

Additional problems are noted separately (CVE-2020-5929) in the TLS stack of F5 BIG-IP devices, which make the attack more realistic. In particular, deviations were found in the behaviour of the devices when a zero byte is present at the beginning of the primary key, and these can be used instead of measuring the exact latency of the computations.

Source: opennet.ru
