
Confirmed: Heartbleed Exposes Web Server’s Private SSL Keys

After details of the critical “Heartbleed” vulnerability in OpenSSL emerged last week, which enables attackers to steal sensitive data typically protected by TLS encryption, there has been widespread concern among system administrators, network security teams, software developers and essentially anyone with any technical connection to the Internet.


One of the key concerns (no pun intended) was whether an attacker could obtain a server's private SSL keys by exploiting Heartbleed.

In short, the Heartbleed vulnerability allows attackers to repeatedly access 64K blocks of memory by sending a specially crafted packet to a server running a vulnerable version of OpenSSL. Because an attacker can’t specify what kind of data to obtain from the computer’s memory or reliably get the same kind of information each time, the attack depends on luck and timing.
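The length check whose absence allows this over-read can be sketched as follows. This is an added example, not OpenSSL's code and not from the article; the message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520, and all function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1    /* message type: heartbeat_request */
#define HB_RESPONSE 2    /* message type: heartbeat_response */
#define HB_HEADER   3    /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16   /* minimum trailing padding */

/* Payload length as claimed by the peer: a 16-bit big-endian field, so at
 * most 65535 bytes, which is where the 64K-per-request ceiling comes from. */
static size_t hb_claimed(const uint8_t *rec) { return ((size_t)rec[1] << 8) | rec[2]; }

/* Bytes beyond the received record that a copy trusting the claimed length
 * would read. Non-zero means the request asks for memory it never sent. */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t end = HB_HEADER + hb_claimed(rec);
    return end > rec_len ? end - rec_len : 0;
}

/* Hardened handler: returns the response length, or 0 when the record must
 * be dropped without a reply. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;                                   /* too short or wrong type */
    size_t claimed = hb_claimed(rec);
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;                                   /* length field lies: drop */
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* bounded by rec_len */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* simplification: RFC padding is random */
    return resp_len;
}

int main(void)
{
    /* Constructed sample: claims 65535 payload bytes but carries none. */
    uint8_t bad[19] = {HB_REQUEST, 0xFF, 0xFF};
    uint8_t out[64];
    return hb_build_response(bad, sizeof bad, out, sizeof out) == 0 ? 0 : 1;
}
```

A non-zero `hb_overread` result on captured heartbeat records is also a usable detection signal, since a well-formed request never claims more payload than it carries.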

In an effort to help determine if private SSL keys were at risk, engineers at Web performance and security firm CloudFlare created a web site that was intentionally vulnerable to Heartbleed and encouraged researchers to attempt to get the private key from the server.

As was assumed, and now confirmed, under the right circumstances, an attacker can retrieve a server’s private key.

While CloudFlare originally believed that obtaining private keys was not impossible, but rather difficult, it turns out that within a few hours, several researchers independently retrieved the private keys from the intentionally-vulnerable NGINX server using the Heartbleed exploit.

According to CloudFlare’s Nick Sullivan, Fedor Indutny, a software engineer from Russia, sent at least 2.5 million requests over the course of the day in his successful effort to obtain the key. Ilkka Mattila from NCSC-FI, who sent around a hundred thousand requests over the same period of time, was also successful in obtaining the private key.

At least two others had success as well. 

CloudFlare says that it confirmed with all individuals that they used only the Heartbleed exploit to obtain the private key.

According to Sullivan, CloudFlare engineers rebooted the server at 3:08 PST, which may have caused the key to be available in uninitialized heap memory.

“It is more important than ever to check certificates to see if they have been revoked,” Sullivan wrote in a follow-up blog post. “According to Netcraft, certificate revocation has gone up sharply since the Heartbleed vulnerability was announced.”

“We expect this trend to continue as more websites evaluate the risk that their private keys were stolen through Heartbleed,” he continued. “If your site was vulnerable to Heartbleed, we encourage you to talk to your CA to revoke your certificate and rekey.”

The vulnerability is “catastrophic” for SSL and Internet security, Bruce Schneier, a well-known cryptologist and CTO of Co3 Systems, previously told SecurityWeek. “On the scale of 1 to 10, this is an 11.”

While it’s perfectly possible there are even more serious flaws in TLS lurking undiscovered, Heartbleed is quite possibly the worst one to date. Calling Heartbleed a “ginormous issue” would be a conservative assessment, Schneier said.

It’s very likely governments around the world used Heartbleed to exploit whatever server they could and grab whatever they could get as soon as they heard about the vulnerability, Schneier suggested. “Because why would you not?” 

On Friday, the NSA denied a report claiming it was aware of and even exploited Heartbleed to gather critical intelligence.

“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” an NSA spokeswoman said.


Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
