Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 513905

Summary: OpenSSL Padding Oracle Attack (CVE-2016-2107)
Product: Community Reporter: John Arthorne <john.arthorne>
Component: ServersAssignee: Eclipse Webmaster <webmaster>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: P2 CC: contact, Silenio_Quarti, steve_northover
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: All   
Whiteboard:

Description John Arthorne CLA 2017-03-20 08:27:00 EDT 
From Eclipse security disclosure list:

I get in touch to report that  orion.eclipse.org and orion2.eclipse.org are vulnerable to CVE-2016-2107, allowing remote attackers to obtain sensitive information via padding-oracle attacks.

$ git clone https://github.com/FiloSottile/CVE-2016-2107.git
$ go run main.go orion.eclipse.org
... Vulnerable: true

The code above checks whether the TLS alert is DATA_LENGTH_TOO_LONG (vulnerable) or BAD_RECORD_MAC (not vulnerable).

What is CVE-2016-2107?

Filippo Valsorda, the author of the tool I used to discover this issue, wrote a fantastic article on CVE-2016-2107 here: https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/

What are padding-oracle attacks?

During the decryption and the HMAC verification process the length of the padding is revealed. Padding-oracle attacks iterate over the padding of the cryptographic message, revealing the contents of the message.

More information

While I am at it I may as well let you know that you also support 1024-bit Diffie-Hellman keys. I would recommend using a 2048-bit Diffie-Hellman group.

Link to GitHub repo: https://github.com/FiloSottile/CVE-2016-2107
Link to online test: https://filippo.io/CVE-2016-2107/


I look forward to your reply.

Best Regards,

—
Guifre
PGP: https://guif.re/pgp.asc
Comment 1 Silenio Quarti CLA 2017-03-20 12:57:58 EDT 
Moving to foundation to fix anything at the server level (patching server, etc).  Please move back if this has to be done at the application level.
Comment 2 Benjamin Cabé CLA 2017-08-28 09:13:36 EDT 
Webmaster, can you please comment on whether this is something for you to fix, or if this a configuration/application issue on the orion.eclipse.org vservers?
It doesn't look like other eclipse.org properties are affected by the issue so I am assuming it is the latter, but it would be great to get your input. 

Thanks!
Comment 3 Eclipse Webmaster CLA 2017-08-28 09:15:52 EDT 
We don't provide the SSL certs for project vservers, so this falls on the project team managing the vserver.

-M.
Comment 4 Benjamin Cabé CLA 2017-08-28 09:28:47 EDT 
(In reply to Eclipse Webmaster from comment #3)
> We don't provide the SSL certs for project vservers, so this falls on the
> project team managing the vserver.
> 
> -M.

Thank you Matt for the prompt feedback. In that particular case tho, it looks like orion.eclipse.org is using *.eclipse.org's cert?

15:26 $ openssl s_client -showcerts -connect orion.eclipse.org:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = CA, ST = Ontario, L = Ottawa, O = "Eclipse.org Foundation, Inc.", OU = IT, CN = *.eclipse.org
verify return:1
---
Certificate chain
 0 s:/C=CA/ST=Ontario/L=Ottawa/O=Eclipse.org Foundation, Inc./OU=IT/CN=*.eclipse.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
-----BEGIN CERTIFICATE-----


Can you please double check, maybe orion has a slightly different setup than a typical project vserver? Thanks!
Comment 5 Eclipse Webmaster CLA 2017-08-28 14:54:39 EDT 
Ok that's unusual.  Since the root issue is probably in the SSL libraries, I've reached out the Orion PLs, as we can just shut this vserver down if it's no longer needed(or being maintained by the project).

-M.
Comment 6 Eclipse Webmaster CLA 2017-09-01 16:28:32 EDT 
Ok the OpenSSL libs have been updated, the server rebooted and the test tool now returns:

$ go run main.go orion.eclipse.org
2017/09/01 16:26:53 Vulnerable: false

Closing as fixed and removing the security flag.

-M.