wiki:heartbleed

Version 15 (modified by plaisthos, 10 years ago) (diff)

--

OpenSSL vulnerability - Heartbleed

A vulnerability in OpenSSL, nicknamed Heartbleed, was published in April 2014 1. OpenVPN uses OpenSSL as its crypto library by default and thus is affected too.

What does this mean?

An attacker can trick OpenSSL into returning a part of your program memory. That memory contains your session keys (the keys used to encrypt your data), and usually your master secret key too. If your OpenVPN is or has been vulnerable to heartbleed you should consider your keys, and the traffic over the VPN tunnel, compromised.

Am I affected too?

Your OpenVPN is affected when your OpenVPN is linked against OpenSSL, versions 1.0.1 through 1.0.1f.

Has OpenVPN been successfully exploited?

This is very likely. On 16th April 2014 a mail was sent to openvpn-user list by Fredrik Strömberg, who claimed the following:

We have successfully extracted private key material multiple times
from an OpenVPN server by exploiting the Heartbleed Bug. The material
we found was sufficient for us to recreate the private key and
impersonate the server.

--- snip ---

... you should assume that other teams with more nefarious purposes
have already created weaponized exploits for OpenVPN. Just to be
clear, we don't intend to use this exploit ourselves. We merely
developed it to examine the practical impact on OpenVPN as part of
our incident investigation.

More details in the email thread. The exploit has not yet been tested by anyone within the OpenVPN project, but we have to assume it is capable of doing what Fredrik claims.

How do I fix this?

  1. Update your OpenSSL library
  2. Revoke your old private keys
  3. Generate new private keys
  4. Create certificates for the new private keys

Is this for clients or servers?

Both. Replace the keys for each peer that was active while linked against a vulnerable OpenSSL.

Are Android clients affected too?

Android shipped OpenSSL 1.0.1 as of 4.1, but disable heartbeats since 4.1.2. That means only Android 4.1(.0) and 4.1.1 are vulnerable. There are app available to check your own device like Heartbleed Detector.

A special version of OpenVPN for Android including a copy of OpenSSL can be used on affected devices. This however still leaves all other apps/services on the device vulnerable.

What about Tunnelblick for MacOS X

Old versions for Tunnelblick are affected, but fixed versions have been released.

What about Windows clients?

All official OpenVPN Windows client installers are shipped with OpenSSL. However, only installer versions 2.3-rc2-I001 through 2.3.2-I003 ship a vulnerable version. Installer version 2.3.2-I004 fixes this vulnerability by bundling OpenSSL 1.0.1g. The fixed version can be downloaded from here.

If you want to verify whether the version of OpenSSL in your OpenVPN installation is vulnerable, go to C:\Program Files\OpenVPN\bin using Windows Explorer, right-click on libeay32.dll, click properties and check what Details -> Product Version says.

Is Access Server affected?

Short answer: yes.

All Access Server users are advised to upgrade immediately to Access Server 2.0.7. If you would like to patch the OpenSSL libraries for older versions of Access Server please download the libs for your distro and copy them into /usr/local/openvpn_as/lib.

For more information have a look at the OpenVPN Technologies' official announcement.

Are OpenVPN Connect clients affected

It depends:

  • The iOS and Android versions use PolarSSL and are not vulnerable
  • Windows and MacOS X versions use OpenSSL and old client versions are vulnerable

Access Server 2.0.7 includes OpenVPN Connect clients that have been fixed. If you have installed Access Server 2.0.6 and for whatever reason can't upgrade to 2.0.7 you should get updated clients from here.

For more information have a look at the OpenVPN Technologies' official announcement.

Are PolarSSL builds affected too?

No. See 2.

Do TLS-auth keys protect my setup?

To some extent. You are strongly encouraged to use TLS-auth keys. In this scenario an attacker can not attack openvpn instances without the TLS-auth key. With a large user base, you should however consider the possibility of one (or more) of the OpenVPN instances being compromised. Such a compromised instance could attack other instances (including the server).

[1] http://heartbleed.com/

[2] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-01