Corrective releases of the OpenSSL cryptographic library are available: 3.0.16, 3.1.8, 3.2.4 and 3.4.1. In versions 3.2.4, 3.3.3 and 3.4.1 a vulnerability (CVE-2024-12797) rated as high severity has been fixed. The vulnerability allows a MITM attack on TLS and DTLS connections. The problem manifests itself only in systems that use raw public keys (RPK, RFC 7250) for authentication. RPK support is disabled by default on both the client and the server side.
The vulnerability is caused by OpenSSL not returning an error to the client about the server's failed authentication when the connection is established in the SSL_VERIFY_PEER verification mode, because the handshake is not aborted properly. An attacker can mount a MITM attack and redirect traffic to their own host instead of the target server, and the client will not be informed that the server was not authenticated. The problem manifests itself starting with the OpenSSL 3.2 branch, in which the ability to use RPKs instead of X.509 certificates was added.
In addition, the OpenSSL updates fix vulnerability CVE-2024-13176, which allows a side-channel attack to recover an ECDSA private key by analysing the timing variations that arise during digital signature generation. The essence of the vulnerability is that for some elliptic curves, for example NIST P-521, computations in which the top bits of the inverted nonce value are zero can be distinguished from the rest, since their processing time differs by 300 nanoseconds.
In the case of ECDSA, knowing even a few bits of the nonce is enough to mount an attack that progressively recovers the entire private key. For a successful attack, the attacker must either have access to the local system on which the application generating the signatures runs, or have a high-speed network path to the application with very low latency. The attacker must also be able to measure, with high precision, the generation time of a large number of digital signatures created over data known to them.
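As an added example (not part of the original article), the following script maps the fixed releases named above onto the two advisories so an administrator can check an `openssl version` string or the Python runtime's linked OpenSSL. It assumes, per the article, that CVE-2024-12797 exists only from the 3.2 branch onward and that CVE-2024-13176 is fixed in every listed release; branches the article does not name are reported as unknown.

```python
"""Check an OpenSSL version string against the fixed releases in the advisory.
Added example; not code from the OpenSSL project or the original article."""
import re
import ssl

# Fixed releases per branch, exactly as listed in the article.
FIXED = {
    (3, 0): (3, 0, 16),
    (3, 1): (3, 1, 8),
    (3, 2): (3, 2, 4),
    (3, 3): (3, 3, 3),
    (3, 4): (3, 4, 1),
}

# Earliest branch each advisory applies to. Assumption drawn from the article:
# the RPK bug was introduced in 3.2, while the ECDSA timing fix ships in all
# listed releases, including 3.0.16 and 3.1.8.
ADVISORIES = {
    "CVE-2024-12797": (3, 2),
    "CVE-2024-13176": (3, 0),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract MAJOR.MINOR.PATCH from e.g. 'OpenSSL 3.2.1 30 Jan 2024'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())


def unfixed_cves(text):
    """Return the advisories for which this build predates the fixed release.
    Branches not covered by the article's release list yield ['unknown-branch']."""
    ver = parse_version(text)
    branch = ver[:2]
    if branch not in FIXED:
        return ["unknown-branch"]
    if ver >= FIXED[branch]:
        return []
    return [cve for cve, first in ADVISORIES.items() if branch >= first]


if __name__ == "__main__":
    # Checks the OpenSSL the running Python interpreter is linked against.
    print(ssl.OPENSSL_VERSION, "->", unfixed_cves(ssl.OPENSSL_VERSION) or "fixed")
```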