A team of security researchers recently disclosed a new attack, dubbed Raccoon, that allows attackers to break SSL/TLS encryption. Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and many other services that depend on SSL and TLS.
The Raccoon vulnerability applies only under very particular conditions and is quite difficult to exploit. Even so, vendors have issued patches to prevent potential attackers from taking advantage of this loophole.
It’s worth noting that “DH secrets with leading zeroes will result in a faster server KDF computation, and hence a shorter server response time.” This is because TLS 1.2 strips leading zero bytes from the Diffie-Hellman shared secret before feeding it into the key derivation function, so a secret that starts with zero bytes means slightly less data for the server to hash.
If the attacker can detect this edge case, it allows them to recover the secret key of the original handshake and ultimately decrypt the TLS traffic, recovering its contents in plaintext.
But the attack has its constraints. It requires that the server reuse the same ephemeral Diffie-Hellman key (in the mode called DHE) across sessions, and that the attacker be as close to the target server as possible in order to perform high-precision timing measurements.
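To make the two preconditions above concrete, here is an added example (not code from the article or the researchers) that simulates, on a deliberately tiny constructed DH group, how TLS 1.2's leading-zero stripping makes the KDF input length depend on the secret value while a fixed-length encoding does not, and that flags server DH public values reused across handshakes, which an operator can check for in captured ServerKeyExchange messages. The group parameters, the seed and the observed values are constructed for illustration only.

```python
import random
from collections import Counter

# Constructed toy DH group: 2**127 - 1 is prime but far too small for real use;
# it keeps the arithmetic fast and the byte lengths easy to read.
P = 2 ** 127 - 1
G = 5
P_LEN = (P.bit_length() + 7) // 8  # 16 bytes

def tls12_premaster(shared: int) -> bytes:
    """TLS 1.2 (RFC 5246, section 8.1.2) strips leading zero bytes from the DH
    shared secret, so the number of bytes fed to the PRF depends on its value."""
    return shared.to_bytes((shared.bit_length() + 7) // 8, "big")

def padded_premaster(shared: int) -> bytes:
    """Fixed-length encoding (the TLS 1.3 approach): always len(p) bytes,
    so the KDF input length leaks nothing about the secret."""
    return shared.to_bytes(P_LEN, "big")

def kdf_input_lengths(n_handshakes: int, seed: int = 0) -> tuple:
    """Simulate a server that reuses one DH exponent across n handshakes and
    return the distinct PRF input lengths seen under each encoding."""
    rng = random.Random(seed)  # deterministic, constructed client exponents
    server_priv = rng.randrange(2, P - 1)  # the reused "ephemeral" secret
    stripped, padded = set(), set()
    for _ in range(n_handshakes):
        client_pub = pow(G, rng.randrange(2, P - 1), P)
        shared = pow(client_pub, server_priv, P)
        stripped.add(len(tls12_premaster(shared)))
        padded.add(len(padded_premaster(shared)))
    return stripped, padded

def reused_server_dh_values(observed: list) -> set:
    """Given server DH public values captured from several handshakes, return
    those that appear more than once: each repeat means the server reused
    its DH exponent and the forward-secrecy guarantee of DHE is void."""
    return {v for v, n in Counter(observed).items() if n > 1}

if __name__ == "__main__":
    stripped, padded = kdf_input_lengths(4000)
    print("TLS 1.2-style stripped lengths:", sorted(stripped))  # several values
    print("fixed-length lengths:", sorted(padded))              # just [16]
    # constructed sample: the same server public value seen in two handshakes
    seen = [b"\x2a\x11", b"\x7f\x03", b"\x2a\x11"]
    print("reused server DH values:", reused_server_dh_values(seen))
```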
F5, Microsoft, Mozilla, and OpenSSL Release Security Updates
While Raccoon may be hard to replicate in the real world, several F5 products were found to be vulnerable to a “special” variant of the attack (CVE-2020-5929) that does not require timing measurements at all: the edge case can be detected directly from the contents of the server’s responses.
F5, Microsoft, Mozilla, and OpenSSL have all released patches to thwart the attack by addressing the ephemeral key reuse. For its part, Mozilla has turned off the DH and DHE cipher suites in its Firefox browser, and Microsoft’s advisory recommends that customers disable TLS_DHE.
With ephemeral keys crucial for ensuring forward secrecy, the research is another demonstration of how reusing cryptographic keys can undermine security.
“Our attack exploits the fact that servers may reuse the secret DH exponent for many sessions, thus forgoing forward secrecy,” the researchers concluded.
“In this context, Raccoon teaches a lesson for protocol security: For protocols where some cryptographic secrets can be continuously queried by one of the parties, the attack surface is made broader. The Raccoon attack showed that we should be careful when giving attackers access to such queries.”