Applies to Centrify Server Suite on all platforms.Description:
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
- Has Centrify been affected by the above vulnerability? And when will Centrify be releasing a fix for this?
- The CVE states this flaw is an SSLv2 protocol issue which this DROWN vulnerability takes advantage of.
- Centrify product DirectControl / DirectAudit uses openSSL crypto library, but do not use SSL. We use kerberos for authentication, and all LDAP traffics are protected by GSSAPI privacy.
- We also do use cURL for HTTPS in support of getting CRL for certificate auto-enrollment. This is client process, so it largely depends on what HTTPS server does.
- It can cause threats if non-Centrify application uses SSLv2 using our OpenSSL library. As long as other applications do not use SSLv2 with our library, there is no vulnerability that can be taken advantage of.
- We do not ever claim to provide OpenSSL as this is for our own usage. This is because we rely on the specific crypto the library provides. We do not intend this to be used by anything outside of Centrify.
- If ones choose to link their code to our shipped library and their code utilizes this in a way affected by the vulnerability, then the DROWN vulnerability applies.
- DirectControl is built on openssl 0.9.8, and have been keeping up with the updates. Suite 2016 is built on and includes openssl 0.9.8zg.
- We will be upgrading to openssl 1.0.2 in Suite 2016.1, so if this is a concern, we would recommend upgrading ASAP when it is released