
incorrect use of X509_check_* functions, leading to MITM attacks.

Jordy Zomer requested to merge JordyZomer/openconnect:master into master

The X509_check_host and X509_check_ip functions are a part of a collection of functions used to match certain properties of certificates. They are used to check whether a certificate matches a given host name, email address, or IP address and are available since OpenSSL 1.0.2. In particular, the X509_check_host function checks if the certificate's Subject Alternative Name or CommonName matches the specified host name.

`int X509_check_host(X509 *, const char *name, size_t namelen, unsigned int flags, char **peername);`

These functions return 1 for a successful match, 0 for a failed match, -1 for an internal error, or -2 if the input is malformed.

OpenConnect unfortunately uses this function incorrectly. If an attacker can force the function to fail with a negative value, the `if` condition will evaluate to true, setting the value of cert_valid to one (valid). Making the API return a negative value is trivial, since any certificate with a null byte in its SAN or CN will make it return -2.

This vulnerability allows an attacker that is able to get valid certificates from a CA with a specially crafted CommonName to perform a person-in-the-middle attack against VPN clients.

Kind Regards,

Jordy Zomer

Signed-off-by: Jordy Zomer jordy@simplyhacker.com

Edited by Jordy Zomer
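The return-code misuse the merge request describes, shown as an added C example that is not part of the merge request or of OpenConnect's or OpenSSL's code. `fake_x509_check_host()` is a constructed stand-in that reproduces only the documented return contract of `X509_check_host()` (1, 0, -1, -2) so the decision logic can be exercised without libcrypto; the `CHK_*` names, the two `cert_valid_*` functions and the sample certificate names are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return-value contract of OpenSSL's X509_check_host(), as quoted in the
 * merge request: 1 match, 0 no match, -1 internal error, -2 malformed input.
 * The enum names are hypothetical; OpenSSL uses bare integers. */
enum { CHK_MATCH = 1, CHK_NOMATCH = 0, CHK_ERROR = -1, CHK_MALFORMED = -2 };

/*
 * Constructed stand-in for X509_check_host(). It is NOT OpenSSL code: it
 * takes the certificate's name as an explicit (pointer, length) pair, the
 * way a SAN or CN comes out of ASN.1 decoding, and reproduces only the
 * return contract above. An embedded NUL byte inside the certificate name
 * is reported as malformed (-2), the case the merge request describes.
 */
static int fake_x509_check_host(const unsigned char *cert_name, size_t cert_len,
                                const char *host)
{
    if (cert_name == NULL || host == NULL)
        return CHK_ERROR;
    if (memchr(cert_name, '\0', cert_len) != NULL)
        return CHK_MALFORMED;
    if (cert_len != strlen(host))
        return CHK_NOMATCH;
    return strncasecmp((const char *)cert_name, host, cert_len) == 0
               ? CHK_MATCH : CHK_NOMATCH;
}

/* Vulnerable pattern: any non-zero return, including -1 and -2, is taken
 * as "the certificate matches the host". */
static int cert_valid_vulnerable(const unsigned char *cert_name, size_t cert_len,
                                 const char *host)
{
    int cert_valid = 0;
    if (fake_x509_check_host(cert_name, cert_len, host))
        cert_valid = 1;
    return cert_valid;
}

/* Corrected pattern: only an explicit 1 is a match; 0 and every negative
 * value leave cert_valid at 0 so the connection is rejected. */
static int cert_valid_fixed(const unsigned char *cert_name, size_t cert_len,
                            const char *host)
{
    int cert_valid = 0;
    if (fake_x509_check_host(cert_name, cert_len, host) == CHK_MATCH)
        cert_valid = 1;
    return cert_valid;
}

int main(void)
{
    /* Constructed certificate names; the third carries an embedded NUL, so
     * its length (sizeof - 1) covers both halves of the string literal. */
    static const unsigned char good[]   = "vpn.example.com";
    static const unsigned char wrong[]  = "other.example.net";
    static const unsigned char nulled[] = "vpn.example.com\0some.example";
    const char *host = "vpn.example.com";

    printf("matching name:  vulnerable=%d fixed=%d\n",
           cert_valid_vulnerable(good, sizeof good - 1, host),
           cert_valid_fixed(good, sizeof good - 1, host));
    printf("wrong name:     vulnerable=%d fixed=%d\n",
           cert_valid_vulnerable(wrong, sizeof wrong - 1, host),
           cert_valid_fixed(wrong, sizeof wrong - 1, host));
    printf("embedded NUL:   vulnerable=%d fixed=%d (rc=%d)\n",
           cert_valid_vulnerable(nulled, sizeof nulled - 1, host),
           cert_valid_fixed(nulled, sizeof nulled - 1, host),
           fake_x509_check_host(nulled, sizeof nulled - 1, host));
    return 0;
}
```

The third case is the one that matters for review: the stand-in returns -2, the `if (rc)` form accepts it, and the `== 1` form rejects it. The same comparison against exactly 1 is the fix for every function in the `X509_check_*` family, since all of them share the four-valued return contract.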
