Change History (11)

comment:1 Changed 3 years ago by hunterx1

nice find. I was beginning to wonder why this was not in my cybersecurity feed, but NIST has not analyzed it yet which is probably why it wasn't in the news. It's nice that the software vendor is advising on it.

I switched my iOS ovpn file from aes-256-cbc to aes-256-gcm, and it connected, but no connection. I don't yet know if this is a bug or a lack of functionality on the VPN server side.

from reading the advisory, it's another CBC exploit, so using something like GCM should be a workaround, if it worked...

EDIT: not working with aes-128-gcm either. I opened a ticket with PIA to see what they support.
EDIT2: I have a good feeling PIA only supports BF-CBC and AES-CBC based on what I see so far, so not a bug. I should get an official reply soon. Or PR nonsense days later...

Last edited 3 years ago by hunterx1 (previous) (diff)

comment:2 Changed 3 years ago by hunterx1

My VPN provider basically confirmed that they do NOT support GCM, so this issue is growing in importance for me.

when searching NIST: https://nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=mbed+tls+2.7

I found the following vulnerabilities:
CVE-2017-18187
CVE-2018-0488 (reported as this bug)
CVE-2018-0487 (execute arbitrary code or cause a denial of service)
CVE-2018-1000061 (affects 2.7.0 but not as serious, and no fix available yet)

comment:3 Changed 3 years ago by Gert Döring

@ordex: do you enable truncated HMAC at all? The advisory says that unless the mbedTLS-using app calls mbedtls_ssl_conf_truncated_hmac(), all is good.

@hunter1: the cipher setting is fully independent of anything TLS related, so that security advisory has no relevance on "is CBC or GCM better"... so I'm a bit confused why you're mixing those two.

comment:4 Changed 3 years ago by Antonio

The OpenVPN3 core library is available on GitHub? so everybody is free to audit it.

However, no mbedtls_ssl_conf_truncated_hmac() call is made by the core library.

comment:5 Changed 3 years ago by Hunterx1

Those 4 findings I posted above were all rated critical on NVD after being analyzed. Are there any plans to update to mbedTLS 2.7.0 to address 3 of them?

comment:6 Changed 3 years ago by Antonio

mbedTLS 2.7.0 is on the roadmap but won't be shipped soon as jumping to a new major release requires a fair amount of testing on our side.

This said, let's clarify what's happening with these CVEs:

  • CVE-2017-18187: it's a server side only problem, thus does not affect OpenVPN Connect
  • CVE-2018-0488: the truncated HMAC feature is not used in OpenVPN (mbedtls_ssl_conf_truncated_hmac() is never invoked), therefore it does not affect OpenVPN Connect
  • CVE-2018-0487: this impacts the RSASSA-PSS signature schema and it's something that must be injected by the server. so as soon as you connect to a trusted server (and you are sure you are connecting to who you think it is), you should not hit this situation. Nonetheless we are working on backporting a fix or disabling the feature entirely.
  • CVE-2018-1000061: this bug has been rejected. Check https://github.com/ARMmbed/mbedtls/issues/1356
Last edited 3 years ago by Antonio (previous) (diff)

comment:7 Changed 3 years ago by Antonio

Summary: mbedTLS Security AdvisorymbedTLS Security Advisory - February 2018

comment:8 in reply to:  6 Changed 3 years ago by Hunterx1

Thanks for the detailed reply! This satisfies my concerns. Keep up the great work.

comment:9 Changed 3 years ago by aldebaran50

A QUICK WORKAROUND: I just started to have the Internet connection failure with GCM on both iPad and iPhone on March 20. After reading this ticket, I was able to fix the problem by going to the device home screen, selecting Settings, selecting the OpenVPN app, and scrolling down to Advanced Settings. I then activated "Force AES-CBC ciphersuite". This fixed the connectivity problem on both devices. I hope this info can help someone else with the connection problem.

Last edited 3 years ago by aldebaran50 (previous) (diff)

comment:10 in reply to:  9 Changed 3 years ago by Antonio

Replying to aldebaran50:

A QUICK WORKAROUND: I just started to have the Internet connection failure with GCM on both iPad and iPhone on March 20. After reading this ticket, I was able to fix the problem by going to the device home screen, selecting Settings, selecting the OpenVPN app, and scrolling down to Advanced Settings. I then activated "Force AES-CBC ciphersuite". This fixed the connectivity problem on both devices. I hope this info can help someone else with the connection problem.

this is unrelated to the security bugs we are discussing in this ticket. The bugs that have been mentioned do not have visible symptoms, except when an attacker is trying to exploit them.

The option you have enabled is about the ciphers used in the TLS session. IF you need further clarifications, please open a thread on the forum.

comment:11 Changed 2 years ago by Antonio

Resolution: fixed
Status: newclosed

All the needed work has been performed quite some time ago and the changes are part of the openvpn3 core library by now.

Note: See TracTickets for help on using tickets.