Factoring RSA Export Keys Attack is a security exploit found in SSL/TLS protocols. This vulnerability was first introduced decades earlier for compliance with U.S. cryptography export regulations. There are many servers that accept weak RSA_EXPORT ciphers for encryption and decryption process. Using weak ciphers for encryption will increase the chance of an attack based on SSL/TLS vulnerability. The FREAK attack allows an attacker to intercept HTTPS connections between clients and server to force the application to use weakened encryption. The attacker can easily break the cipher to steal or manipulate sensitive data.
The SSL and TLS cryptographic protocols will allow an attacker to use a man-in-the-middle (MITM) attack to sniff and decrypt communications. This type of attack for RSA-EXPORT is called “FREAK”. FREAK is the acronym for Factoring Attack on RSA-EXPORT Keys. This attack can also affect servers using secure connections that accept RSA_EXPORT cipher suites. If the client also uses an RSA_EXPORT suite or it uses an older and unpatched version of OpenSSL, it will be vulnerable to FREAK attack. If the attacker manages to exploit the encryption successfully, he will be able to steal passwords and other sensitive personal information and potentially use these data to launch further attacks against the end users and the web application.
The steps involved in this attack are:-
This vulnerability can be exploited using a man-in-the-middle attack. In the latest version of OpenSSL, the use of EXPORT-grade ciphers is disabled. Due to this feature, the latest versions of Red Hat Enterprise Linux (5.11, 6.6 and 7.1) are shipped with OpenSSL. Applications that utilise the OpenSSL library can enable this feature. Due to this reason, this vulnerability is considered to affect all the Red Hat Enterprise Linux 5, 6 and 7 systems. The commonly affected systems include the Server, Workstation, Desktop, and HPC Node variants with vulnerable versions of OpenSSL packages. The OpenSSL097a version is the current SSL version that is being shipped with Red Hat Enterprise Linux 5. This version of OpenSSL is also vulnerable to this attack. As we know, the Red Hat Enterprise Linux 5 is now in the Production 3 phase of its support and maintenance life cycle. There will be support for only Critical security issues. The Red Hat Enterprise has not yet decided to fix this issue in their future updates.
Beagle recommends the following fixes:-