comforte Security Advisory 28th February 2018

Weak cipher suites available after RELOAD CERTIFICATES command (CVE-2018-6653)

Severity: Moderate

The SWAP software (all versions from 1049 to 1069, 20.0.0 - 21.5.3) supports a “RELOAD CERTIFICATES” command that allows certificates to be refreshed without a SWAP process outage.

The comforte products that may use SWAP are: SecurCS, SecurFTP, SecurTN, Securlib/SSL-AT.

This vulnerability applies to the SWAP software running on NonStop servers built using the Intel X86, Intel Itanium or MIPS CPUs.

The SWAP process utilises a set of cipher suites that are either specified in the configuration or which default to a subset of the OpenSSL “high” cipher suites.

The “RELOAD CERTIFICATES” command causes the set of cipher suites in use to change to include all cipher suites the program supports. This includes cipher suites with a null cipher. Clients can then connect with a weak cipher suite, possibly exposing sensitive data.

It is possible to determine whether a SWAP process running as an SSL/TLS server is in the vulnerable mode. For example, use the OpenSSL s_client tool to connect to the port the server has open, specifying a weak cipher. The handshake should fail unless the server is in the vulnerable mode.

openssl s_client -connect 10.0.0.173:1423 -cipher 'RC4-MD5'
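
The s_client test above can be scripted so that a handshake failure, a negotiated weak suite and an untestable client are told apart. This is an added example, not comforte's code: the function names and verdict labels are hypothetical, the sample outputs are constructed, and matching on "NULL" or "RC4" in the negotiated OpenSSL suite name is an assumption.

```shell
#!/bin/sh
# Added example (not comforte's code). classify_probe reads the combined
# stdout+stderr of `openssl s_client` on stdin and prints one verdict:
#   WEAK <suite>     a null or RC4 suite was negotiated: vulnerable mode
#   OTHER <suite>    a handshake completed, but with a different suite
#   REJECTED         the server sent a handshake-failure alert (expected)
#   INCONCLUSIVE     no verdict: client could not offer the suite, no connection
classify_probe() {
    out=$(cat)
    suite=$(printf '%s\n' "$out" | sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    case "$suite" in
        ''|'(NONE)')
            if printf '%s\n' "$out" | grep -q 'alert handshake failure'; then
                echo REJECTED
            else
                echo INCONCLUSIVE
            fi ;;
        *NULL*|*RC4*) echo "WEAK $suite" ;;   # assumption: match on OpenSSL suite names
        *)            echo "OTHER $suite" ;;
    esac
}

# probe_weak HOST:PORT SUITE...  runs the advisory's s_client test per suite.
probe_weak() {
    target=$1; shift
    for offer in "$@"; do
        verdict=$(openssl s_client -connect "$target" -cipher "$offer" \
                  </dev/null 2>&1 | classify_probe)
        printf '%s\t%s\t%s\n' "$target" "$offer" "$verdict"
    done
}

# Constructed, abbreviated s_client outputs for offline use (not real captures).
SAMPLE_VULNERABLE='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit'
SAMPLE_HEALTHY='CONNECTED(00000003)
140735:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
New, (NONE), Cipher is (NONE)'
SAMPLE_NO_CLIENT_SUPPORT='Error with command: "-cipher RC4-MD5"
error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match'

# Live use, e.g.: sh probe.sh 10.0.0.173:1423 RC4-MD5 eNULL
if [ "$#" -ge 2 ]; then probe_weak "$@"; fi
```

An INCONCLUSIVE verdict usually means the local openssl build cannot offer the suite, so a REJECTED result is only meaningful from a client that can.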

The condition is alleviated by restarting the SWAP process.