An encryption vulnerability in Oracle’s Java framework opens the door for attackers to forge credentials.
Java version 15 and above affected
Recent releases of Java could make it easier for an attacker to forge SSL certificates and signed JSON Web Tokens (JWTs), among other vulnerabilities.
Neil Madden, a Security Architect at ForgeRock who discovered the vulnerability, said in a blog post that “you should stop what you are doing” and immediately install the fixes in the Oracle April 2022 Critical Patch Update.
The vulnerability centers on the implementation of widely-used ECDSA (Elliptic Curve Digital Signature Algorithm) signatures in Java versions 15 and above. ECDSA is a variant of the Digital Signature Algorithm (DSA) that uses elliptic curve cryptography to authenticate messages digitally.
“If you are running one of the vulnerable versions then an attacker can easily forge some types of SSL certificates and handshakes (allowing interception and modification of communications), signed JWTs, SAML assertions or OIDC id tokens, and even WebAuthn authentication messages. All using the digital equivalent of a blank piece of paper,” ForgeRock’s Madden wrote in the blog.
Yes, this is severe, Madden said.
“It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of [the above] security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU). For context, almost all WebAuthn/FIDO devices in the real world (including Yubikeys) use ECDSA signatures and many OIDC providers use ECDSA-signed JWTs.”
--CVE-2022-21449: Psychic Signatures in Java, Neil Madden, April 19, 2022
Why is this coming to light just now since Java has had ECDSA support for a long time? “This is a relatively recent bug introduced by a rewrite of the EC code from native C++ code to Java, which happened in the Java 15 release,” Madden says.
Doctor Who’s “psychic paper”
Madden compared the vulnerability to a recurring plot in the BBC sci-fi show Doctor Who, where the Doctor gets out of trouble by showing a blank identity card.
“Of course, this being Doctor Who, the card is really made out of a special ‘psychic paper,’ which causes the person looking at it to see whatever the Doctor wants them to see: a security pass, a warrant, or whatever,” Madden wrote.
Cryptographic code is tricky to implement correctly, and public key signature algorithms are some of the trickiest, Madden said, adding that ECDSA is itself one of the most fragile algorithms, “where even a tiny amount of bias in one random value can allow complete recovery of your private key.”
Crypto agility helps you respond rapidly
Security events, such as the recent Java vulnerability, challenge you to quickly find and replace a given set of compromised certificates and keys. To successfully meet this challenge, you need to maintain high levels of what analysts call crypto agility.
To achieve crypto agility, you need to be prepared to respond quickly to mass certificate and key security events. At the same time, you must be able to demonstrate policy compliance for all certificates and identify any anomalies. This requires comprehensive visibility and detailed intelligence as well as automation to enable replacement at machine speed and scale.
Protecting SSL certificates from cyberattacks is made easier with crypto agility—especially when you are able to automate certificate generation and authentication. Couple that with a robust platform for machine identity management and you’ve got the crypto agility you need for compliance enforcement and verification, rapid incident response, and automated remediation.