Akamai Reissuing SSL Keys After Flaw Found in Heartbleed Mitigation

Akamai Technologies admitted custom code thought to protect against the Heartbleed vulnerability has a flaw of its own and has forced the company to reissue SSL certificates and keys to its customers.

Last week, Akamai Technologies Chief Security Officer Andy Ellis blogged that while the company had been exposed to the vulnerability, its custom memory allocator protected against nearly every circumstance by which Heartbleed could have leaked SSL keys. However, recent findings by an independent security researcher forced the company to backtrack.

“Over the weekend, an independent security researcher contacted Akamai about some defects in the software we use for memory allocation around SSL keys,” blogged Ellis. “We discussed Friday how we believed this had provided our SSL keys with protection against Heartbleed and had contributed the code back to the community. The code that we had contributed back was, as we noted, not a full patch, but would be a starting point for improving the openssl codebase.” 

“In short: we had a bug,” Ellis added. “An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others. In particular, we only try to protect d, p, and q, but not d mod (p-1), d mod (q-1), or q^{-1} mod p. These intermediate extra values (the Chinese Remainder Theorem, or CRT, values) are calculated at key-generation time as a performance improvement. As the CRT values were not stored in the secure memory area, the possibility exists that these critical values for the SSL keys could have been exposed to an adversary exploiting the Heartbleed vulnerability. Given any CRT value, it is possible to calculate all 6 critical values.”

The issue was found in Akamai’s code by security researcher Willem Pinckaers. As a result of the finding, the company is rotating all customer SSL keys/certificates. Some of these certificates will quickly rotate, while others will require extra validation with the certificate authorities and may take longer.

Since the bug’s public disclosure last week, researchers have confirmed that the vulnerability does allow attackers to steal a Web server’s private SSL keys. While it remains unclear how extensively the two-year old bug has been exploited, authorities in Canada said Monday that as many as 900 Canadian taxpayers had their data stolen due to a Heartbleed attack. 

“This is indeed one of the worst vulnerabilities in the history of the web,” said Amit Sethi, technical manager at Cigital. “It has been present in OpenSSL for over two years, during which time it has made it into a lot of software. Unlike many other vulnerabilities in SSL implementations that we have heard about in recent years, this one does not require the attacker to be positioned between your computer and the server. The attacker can go directly to the server and get any information that you recently exchanged with it over a secure channel.”

According to Symantec, none of the websites in Alexa’s top 1,000 websites is currently vulnerable. Within the Alexa top 5,000, only 24 sites were vulnerable as of April 12. Within the top 50,000, only 1.8 percent of the sites are susceptible to Heartbleed.

“On the positive side, high-profile websites have been addressing the issue very quickly either by fixing it or by taking down their applications while they create a mitigation plan,” Sethi said. “On the negative side, we may never know the full extent of the information that might have been stolen. We will likely see various attacks that use the stolen information in the days and weeks to come.”