Recently, a cybersecurity team detected that the new Raccoon attack allows attackers to break SSL/TLS encryption. Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and many other services that depend on SSL and TLS.
The Raccoon vulnerability is exploitable only under very particular conditions and is quite difficult to carry out. Even so, software vendors have issued patches to prevent potential attackers from taking advantage of this loophole.
Data Involved
Raccoon is a very complex vulnerability, and only in rare cases does it enable an attacker to decrypt the connection between the users and the server.
The data exposed by this vulnerability include:
- Usernames
- Passwords
- Credit card numbers
- Emails
- Instant messages
- Other sensitive documents
Vulnerable Targets
According to the report from the cybersecurity experts, the vulnerability targets the Diffie-Hellman key exchange in TLS 1.2, and the attack has two prerequisites:
- The server reuses public DH keys in the TLS handshake. This is the case if the server is configured to use static TLS-DH cipher suites, or if the server uses ephemeral cipher suites (TLS-DHE) and reuses ephemeral keys for multiple connections.
- The attacker can perform accurate timing measurements, which reveal whether the first byte of the DH shared secret is zero or not.
Is Your Browser or Client Vulnerable?
The experts have affirmed that Raccoon is not a client-side vulnerability, so there is nothing clients can do about it other than not supporting DH(E) cipher suites. Modern clients should no longer support these cipher suites.
Protocols affected
The experts have listed the protocols affected by this vulnerability:
- TLS: Yes, affected. (1.2 and previous versions)
- ECDH: Not affected.
- DTLS: Yes, affected.
How Did Vendors Respond to This Flaw?
- F5 tracks this vulnerability as CVE-2020-5929 and advises all users to patch their products or to enforce the use of fresh ephemeral keys.
- OpenSSL tracks this vulnerability as CVE-2020-1968. OpenSSL has used fresh DH keys by default since version 1.0.2f, so the attack mainly affects OpenSSL 1.0.2 when DH authentication is in use. To mitigate the attack, the developers moved all remaining DH cipher suites into the “weak-ssl-ciphers” list.
- Mozilla tracks this issue as CVE-2020-12413 and has addressed it by disabling DH and DHE cipher suites in Firefox.
- Microsoft tracks this issue as CVE-2020-1596 and has stated that all of its information on the issue is available on its official website.
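The prerequisites and vendor mitigations above come down to whether a server still offers finite-field DH cipher suites. The following audit helper is an added example, not code from the researchers or any vendor; the function names, category labels and sample suite list are assumptions made for illustration.

```python
import re
import ssl

# Finite-field DH prefixes in OpenSSL names (DHE-RSA-AES128-SHA) and
# IANA names (TLS_DHE_RSA_WITH_AES_128_CBC_SHA). ECDHE-/ECDH- never match.
STATIC_DH = re.compile(r"^(DH-|TLS_DH_(RSA|DSS)_)")
EPHEMERAL_DH = re.compile(r"^(DHE-|EDH-|ADH-|TLS_DHE_|TLS_DH_anon_)")

ADVICE = {
    "static-dh": "disable: the server DH key is reused in every handshake",
    "dhe": "disable, or confirm the server never reuses ephemeral keys",
}

def classify(suite):
    """Return 'static-dh', 'dhe' or 'not-dh' for one cipher suite name."""
    if STATIC_DH.match(suite):
        return "static-dh"
    if EPHEMERAL_DH.match(suite):
        return "dhe"
    return "not-dh"  # e.g. RSA, ECDH(E) and TLS 1.3 suite names

def audit(suites):
    """Map each finite-field DH suite in `suites` to (class, advice)."""
    findings = {}
    for name in suites:
        kind = classify(name)
        if kind != "not-dh":
            findings[name] = (kind, ADVICE[kind])
    return findings

def audit_local_defaults():
    """Audit the suites this Python/OpenSSL build offers by default."""
    ctx = ssl.create_default_context()
    return audit(c["name"] for c in ctx.get_ciphers())

if __name__ == "__main__":
    # Constructed sample list, not taken from any real server.
    sample = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
              "DH-RSA-AES256-SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
              "TLS_AES_128_GCM_SHA256"]
    for name, (kind, advice) in audit(sample).items():
        print(f"{name}: {kind}: {advice}")
```

Feed `audit()` the suite names reported by your scanner or server configuration; `audit_local_defaults()` only reflects what the local Python build would offer as a client.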
The Raccoon vulnerability is an adaptive chosen-ciphertext attack that exploits variations in server behaviour when processing RSA PKCS#1 v1.5 messages. In this respect, it is very similar to Bleichenbacher’s attack.
Raccoon is not the only concern: many other protocols also use the DH key exchange. Among them, JSON Web Encryption only allows ECDH key agreement, and XML Encryption and IPsec process the leading zero bytes.