CVE-2015-2808 : Bar Mitzvah Attack in RC4

A critical vulnerability is discovered in Rivest Cipher 4 software stream cipher. In cryptography, RC4 is one of the most used software-based stream ciphers in the world. The cipher is included in popular Internet protocols such as Transport Layer Security (TLS).

It is a very simple cipher when compared to competing algorithms of the same strength and boasts one of the fastest speeds of the same family of algorithms. It is estimated to protect as much as 30% of SSL traffic. Though it is the most popular binary additive stream cipher, it suffers a long known (a 13-year-old vulnerability!!!) weakness known as Invariance Weakness.

From Mitre : “The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue.”

As we told in the above RC4 cipher is used in TLS protocols, which means all Clients and Servers with RC4 cipher enabled are vulnerable.

 

How to check if RC4 is enabled in web browser ?

Click here to check SSL cipher suite details of your browser, which will list RC4 in the cipher suite list if RC4 is enabled in your browser as show in the below picture.

RC4 Cipher
RC4 Cipher is enabled!!

 

How to check if RC4 is enabled in web server ?

    1. Run the following openssl command (testing server is test_your_website.com):

openssl s_client -cipher RC4 -connect test_your_website.com:443

    1. Output of the above command:

 

Case 1

      • : If RC4 is enabled in test_your_website.com, command should produce something like
..................
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
...................
Cipher    : ECDHE-RSA-RC4-SHA
...................

Case 2

      • : If RC4 is disabled in test_your_website.com, command should produce something like
140355035514528:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:

How to disable RC4?

    1. In Web Browsers:

Google Chrome and Opera:

    To disable RC4 cipher in Google chrome and Opera you will have to start those applications with the following parameters:
–cipher-suite-blacklist=0x0005,0x0004,0x002f,0xc012,0xc011,0x003c,0xc011,0x0032,0xc007,0xc00c

Mozilla Firefox:

      • Open configuration page by typing about:config in the address bar of Mozilla Firefox.
      • Enter RC4 in ‘Search’ bar.
      • As search result you see the various cipher combinations that use this encryption standard. Double-click on each lines to toggle them from “true” to “false”.
RC4 Cipher in Mozilla Firefox
RC4 Cipher in Mozilla Firefox

Internet Explorer:

      • The RC4 cipher can be completely disabled on Windows platforms by setting the

“Enabled”

      • (REG_DWORD) entry to value

00000000

      • in the following registry locations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128

 

    1. In Web Servers:

Apache:

    • You need to have

:!RC4:

    • in

SSLCipherSuite

    line of your configuration file.
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!SSLv2

Microsoft Internet Information Server:

    • The procedure for disabling RC4 in Internet information server is the same as disabling RC4 in Internet Explorer as discussed

above

JBoss:

Update your conf/jboss-service.xml to disable RC4 cipher. You have to remove RC4 cipher from cipher suite list

<Connector port="8443" address="${jboss.bind.address}"
maxThreads="150" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
sslProtocol = "TLS"
keystoreFile="${jboss.server.home.dir}/conf/keystore/yourkeystore.keystore"
keystorePass="your-keystore-password"
protocol="HTTP/1.1" 
ciphers="SSL_DHE_DSS_WITH_RC4_128_SHA,
SSL_DH_anon_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DH_anon_WITH_AES_128_CBC_SHA,
TLS_DH_anon_WITH_AES_256_CBC_SHA,
TLS_KRB5_WITH_RC4_128_MD5,
TLS_KRB5_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA"
SSLEnabled="true">
</Connector>   

We strongly suggest configuring your web server and browser as shown above.

SecPod Saner detects these vulnerabilities. Download Saner now and keep your systems updated and secure.

– Kumarswamy S

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Desert Safari Deals

Hi there to every one, the contents present at this site
are actually remarkable for people knowledge, well, keep up the good work fellows.