- Author and member of the year 2019 – Why DevOps still doesn't rule the IT world - Wed, Jan 1 2020
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
Update: Microsoft now offers a patch for the FREAK vulnerability. It is recommended to undo the workaround described in this post.
The SSL FREAK vulnerability is not as severe as Heartbleed and POODLE. However, considering that 9.5 percent of public web domains and many client operating systems, including Windows, Android, and iOS, are vulnerable to the SSL FREAK attack, I wouldn’t underestimate the issue. As a security-minded admin, you should at least inform yourself, and this is what this article is for.
SSL FREAK attack web server check
First of all, you should know that, even if some of your systems are vulnerable, there is no reason for panic because it is not as easy to exploit FREAK as with previously detected HTTPS vulnerabilities. A FREAK attack is a man-in-the-middle attack where an attacker intercepts the HTTPS communication between a vulnerable web server and a vulnerable web browser.
By exploiting the FREAK vulnerability, the attacker can force a downgrade to a weak 512-bit RSA encryption key, which he can then break with a brute-force attack, which costs him about $100 if he uses cloud computing. The attacker then has access to secret information, such as passwords, transmitted through HTTPS.
The reason such weak keys are used is because, in the 1990s, the export of cryptography products using strong encryption from the United States was restricted. This is what “Export” stands for in Factoring Attack on RSA-EXPORT Keys (FREAK). (It’s kind of odd to talk about the FREAK attack because a factoring attack attack is not really a pretty term, but IT people don’t care that much about words.)
If you now think that you are off the hook because you don’t use any software from the ‘90s, you will be surprised to hear that Windows 8.1 with Internet Explorer 11 is vulnerable to the FREAK attack. According to Microsoft’s security advisory, essentially every Windows system is affected. The reason many new systems still support these old and weak keys is backward compatibility. So you see how the naysayers, who stick with outdated software as long as possible, endanger the entire Internet.
FREAK attack client check for Internet Explorer 11
Unfortunately, Microsoft does not distinguish between browsers and web servers in the advisory. It is true that all Internet Explorer installations on all Windows Server versions are affected. However, it appears that Internet Information Services (IIS) are only vulnerable on Windows 2003. I checked an IIS installation with default settings on Windows Server 2012 R2 and, according to this FREAK attack checker, it was safe.
As for third-party web browsers, I tested Opera, Firefox, and Chrome on Windows 8.1 and they were not vulnerable to FREAK. On my Android 4.4.2 phone, only Firefox passed the test at the time of this writing.
FREAK attack client check for Opera
I recommend that you check all OS–browser combinations that are used in your network. You can use this page for browsers and this one for web servers. Note that the web browser version is not compatible with all browsers.
FREAK attack check with incompatible browser
In such a case, you just have to click the link the tool provides. If you see “This page can’t be displayed” in Internet Explorer, your system is good. Otherwise, the page displays VULNERABLE!
A FREAK vulnerable Internet Explorer
If you are running vulnerable systems, you can follow the above-mentioned security advisory as a workaround until a patch is available. Note that Microsoft claims that no workaround exists for Windows Server 2003. However, I know one. Press the power button of that machine and then never touch this button again!
On newer systems, you can modify the SSL Cipher Suite Order policy setting. To do so, you have to enable the Group Policy SSL Configuration Settings in Computer Configuration > Administrative Templates > Network and then copy the text below into the SSL Cipher Suites field.
Note that you can’t just copy and paste the list from Microsoft’s web page. You first have to remove all the line breaks.
SSL Cipher Suite Order
Microsoft recommends that you reboot the system afterward, and it appears this is really necessary. I tried to run gpupdate and restart IIS and Internet Explorer, but the SSL cipher suite order didn’t change for both applications. Only after I restarted the computer did it work.
You should be aware that, if you follow Microsoft’s security advisory, Internet Explorer will then be unable to connect to systems that don’t support one of the cipher suites in the list. I think chances are are relatively low that this will happen because even those 9.5 percent vulnerable systems probably support some of those cipher suites in the list. However, I after I applied the settings I was no longer able to upload posts with Windows Live Writer to WordPress through an HTTPS connection. Actually, I couldn't upload this post. I guess, changing the cipher suite order on my server could solve the problem, but I didn't pursue this further
You can verify which cipher suites your Windows system is using with the free IIS Crypto tool. There is a GUI and a command line version. If you enter the URL of your web server in the QUALYS SSL LABS field and click Scan, IIS crypto will launch your web browser with an online tool that tests your SSL/TLS configuration. Among other security-relevant information, you can verify the real SSL cipher suite order of your web server. You might notice that IIS Crypto and QUALYS SSL LABS can show a different order. In that case, you probably just have to restart the machine that runs IIS.
IIS Crypto – Best practices
The tool also allows you to disable protocols, ciphers, hashes, and key exchange algorithms and reorder SSL/TLS cipher suites. It does this by modifying the corresponding Registry keys. I recommend that you click the Best Practices button to see what the IIS Crypto tool’s maker recommends. I think it makes a lot of sense to no longer use SSL and only work with its successor, TLS.