Java suffers from encryption bug that could allow attackers to bypass digital signatures, Oracle releases fix

Java versions 15 and above have a flaw in the implementation of its Elliptic Curve Digital Signature Algorithm (ECDSA) that could be exploited by cybercriminals to digitally sign files by forging certain types of Secure Sockets Layer (SSL) certificates. ), signed JSON (JWT) web tokens. , and even two-factor authentication messages. The problem was first discovered last year and reported to Oracle, which finally fixed it last week. However, since organizations take time to update their systems to the latest versions, any device that uses the affected Java versions to consume digitally signed data could be at risk.

Oracle has fixed the issue, also known as an error within the community, as part of over 500 patches. The vulnerability is tracked as CVE-2022-21449.

Neil Madden, the researcher at security consulting firm ForgeRock, discovered the security flaw and reported it to Oracle privately in November. Although the software company has assigned the problem a severity rating of 7.5 out of 10, experts including ForgeRock consider it a defect with a severity rating of 10 – “due to of the wide range of impacts on different features” that could make a big impact.

“If you are running one of the vulnerable versions, an attacker can easily tamper with certain types of SSL certificates and handshakes (allowing interception and modification of communications), signed JWTs, SAML assertions, or security tokens. OIDC identification, and even WebAuthn authentication messages. All using the digital equivalent of a blank sheet of paper,” Madden wrote in a blog post.

Cybercriminals and hackers could use the flaw to digitally sign a malicious application or file which could have a different set of implications for end consumers. This could allow attackers to gain backdoor access to systems or even hack into a network using files and data that appear genuine and trustworthy.

Java uses ECDSA which is based on the principles of elliptic curve cryptography – one of the known and widely adopted approaches to enable key agreement and digital signatures. The researcher discovered that the bug was introduced by a rewrite of elliptic curve cryptography from native C++ to Java, which took place with the release of Java 15.

Digital signatures based on elliptic curve cryptography generally require users to prove to recipients that they have access to the private key corresponding to the public key. This helps verify authentication and allows users to access data. It also prevents users from presenting a digital signature for handshakes that do not have access to a relevant private key.

However, using the flaw, an attacker could use a blank signature that could be considered valid and verified by the system against any public key.

Madden calls these signatures similar to “psychic paper” – the plot device that appeared on long-running sci-fi Doctor Who. It was essentially a completely blank piece of paper, but was designed to function as a security pass, warrant, or evidence based on what the protagonist wants others to see.

“An ECDSA signature consists of two values, called r and s,” the researcher said while explaining the flaw. “To verify an ECDSA signature, the verifier checks an equation involving r, s, the signer’s public key, and a hash of the message. If both sides of the equation are equal, the signature is valid, otherwise it is rejected.”

The process involves a condition that R and S in the calculation must not be zero. This is however not the case with Java’s implementation of verification.

“The Java implementation of ECDSA signature verification did not check if R or S were null, so you could produce a signature value where they are both 0 (encoded appropriately) and Java would accept it as a valid signature for any message and for any public key,” Madden said.

Echoing the severity stressed by Madden, security expert Thomas Ptacek mentioned that the problem is the “crypto bug of the year”.

In a blog post, data security firm Sophos also pointed out that the bug doesn’t just affect Java servers that interact with client software.

“Any device that consumes digitally signed data inside your network could be at risk,” he said.

The affected Java versions – Java 15 to 18 – are fortunately not as widely used as earlier versions. According to data from a survey conducted between February and March 2021, cybersecurity firm Snyk said that Java 11 accounted for more than 61% of total deployments, while Java 15 had a 12% share.

Nevertheless, IT administrators and organizations are advised to update their Java version promptly to avoid instances of possible future attacks.


Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button