Java encryption implementation error made it trivial to forge credentials

Apr 21, 2022 | News



A catastrophic vulnerability in the implementation of certain encryption operations in Java JDK makes it easy for attackers to forge counterfeit credentials.

 

 

The cryptographic weakness – which affects Java JDK versions 15 and later – was addressed by Oracle with an update released as part of its regular quarterly patch batch on Tuesday (April 19).

Both Oracle Java and OpenJDK need updating because of flaws that involve the implementation of widely-used ECDSA (Elliptic Curve Digital Signature Algorithm) signatures.

The whole problem stemmed from a coding error rather than a problem with the underlying encryption technology.

Left unaddressed, the flaws make it possible for an attacker to forge some types of SSL certificates and handshakes – opening the door to manipulator-in-the-middle attacks.

Signed JWTs, SAML assertions, WebAuthn authentication messages, and more can all be easily hacked because of the cryptographic blunder, security researcher Neil Madden warns.

“It’s hard to overstate the severity of this bug,” Madden, a security architect at ForgeRock, explains in a technical blog post on the issue.

“If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU).”

 

 


 

Psychic paper

 

Java has supported ECDSA, a widely used standard for signing all kinds of digital documents, for some years. The mistake came with the rewrite of the EC code from native C++ code to Java as part of the Java 15 release, as Madden explains.

Java’s implementation of ECDSA signature verification didn’t check if r or s [values related to an ECDSA signature] were zero, so you could produce a signature value in which they are both 0 (appropriately encoded) and Java would accept it as a valid signature for any message and for any public key. The digital equivalent of a blank ID card.

Madden compares this blank ID card concept to the psychic paper in sci-fi series Doctor Who, which is used by the titular character to fool people into co-operating.

 
 
 

 

 

Fraught disclosure

 

Madden and his colleagues at identity and access management firm ForgeRock discovered the flaw last November, at which point they reported it to Oracle and other Java developers. The subsequent disclosure process was less than ideal.

“I was disappointed in the disclosure process,” Madden told The Daily Swig. “I reported to OpenJDK alias and then ended up in Oracle black hole.”

“To be fair, they did respond reasonably quickly to emails, but always with bare minimum response and I wasn’t given any details on the fix until it landed in the OpenJDK GitHub backport repos.”

 

 

 


 

Source: portswigger.net


 

 

 


 

 
