Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

Draft Variant
Structure: Simple
Description

The product modifies the SSL context after connection creation has begun.

Extended Description

If the program modifies the SSL_CTX object after creating SSL objects from it, older SSL objects created from the original context could all be affected by that change.

Common Consequences
Scope: Access Control

Impact: Bypass Protection Mechanism

No authentication takes place in this process, bypassing an assumed protection of encryption.

Scope: Confidentiality

Impact: Read Application Data

The encrypted communication between a user and a trusted host may be subject to a sniffing attack.

Potential Mitigations

Phase: Architecture and Design

Use a language or a library that provides a cryptography framework at a higher level of abstraction.

Phase: Implementation

Most SSL_CTX functions have SSL counterparts that act on SSL-type objects; use these when a change should apply to a single connection.

Phase: Implementation

Applications should set up an SSL_CTX completely before creating SSL objects from it.
Demonstrative Examples
The following example demonstrates the weakness.

Code Example:

Bad
C
Modes of Introduction
Implementation