Incident: TLS Vulnerabilities in Top Websites Expose Data to Attacks

Published Date: 2019-03-28

Postmortem Analysis
Timeline 1. The software failure incident mentioned in Article 82202 happened in May 2019. [82202]
System 1. Transport Layer Security (TLS) encryption schemes 2. Secure Sockets Layer (SSL) 3. Web servers 4. Browsers 5. Websites' TLS implementation 6. HTTPS encryption channels 7. TLS vulnerabilities detection tool (being developed by Ca' Foscari researchers) [82202]
Responsible Organization 1. The software failure incident was caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer [82202].
Impacted Organization 1. Users of the web browsing the affected sites were impacted by the TLS vulnerabilities [82202].
Software Causes 1. The software causes of the failure incident were related to potentially exploitable TLS vulnerabilities found in a surprising number of encrypted sites, including issues in how sites implemented TLS encryption schemes and failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer [82202].
Non-software Causes 1. Lack of proper implementation of TLS encryption schemes on websites. 2. Failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer. 3. Interdependencies and relationships between URLs and hosts leading to vulnerabilities in related domains. 4. Small oversights and weaknesses in TLS implementation that could have an outsize impact on overall security.
Impacts 1. The software failure incident resulted in 5.5% of the top 10,000 HTTPS sites having potentially exploitable TLS vulnerabilities, including flaws in how sites implemented TLS encryption schemes and failures to patch known bugs [82202]. 2. The vulnerabilities found ranged from partially leaky bugs that could help an attacker decrypt session cookies to more severe leaky bugs that could enable an attacker to decrypt all traffic passing through the flawed encryption channels [82202]. 3. The most severe vulnerabilities observed were the "tainted" channels that could potentially allow an attacker not only to decrypt traffic but also to modify or manipulate it, leading to "man in the middle" attacks that HTTPS encryption aims to prevent [82202]. 4. The interconnectedness of the web was highlighted as a key impact, where TLS vulnerabilities in one site could propagate to related domains and create a ripple effect of exposure, emphasizing the importance of addressing vulnerabilities across interconnected sites [82202].
Preventions 1. Regularly patching known bugs in TLS and its predecessor, Secure Sockets Layer could have prevented the software failure incident [82202]. 2. Employing modern HTTP antitampering techniques could have helped prevent the vulnerabilities in TLS encryption channels [82202]. 3. Developing a tool based on the findings of the researchers at Ca' Foscari University to help developers identify frequently overlooked TLS vulnerabilities could have been a preventive measure [82202].
Fixes 1. Implementing modern HTTP antitampering techniques as suggested by Kenn White, a security engineer and director of the Open Crypto Audit Project [82202]. 2. Developing a tool based on the findings of the researchers at Ca' Foscari University of Venice and Tu Wien to help developers identify frequently overlooked TLS vulnerabilities [82202].
References 1. Researchers at Ca' Foscari University of Venice in Italy and Tu Wien in Austria [82202] 2. Riccardo Focardi, a network security and cryptography researcher at Ca' Foscari University of Venice [82202] 3. Kenn White, a security engineer and director of the Open Crypto Audit Project [82202]

Software Taxonomy of Faults

Category Option Rationale
Recurring multiple_organization (a) The software failure incident having happened again at one_organization: The article does not provide specific information about a similar incident happening again within the same organization or with its products and services. Therefore, it is unknown if a similar incident has occurred again at the same organization. (b) The software failure incident having happened again at multiple_organization: The article discusses the findings of researchers at Ca' Foscari University of Venice and Tu Wien in Austria regarding TLS vulnerabilities in the web's top 10,000 HTTPS sites. These vulnerabilities were found in various websites, indicating that similar incidents related to TLS vulnerabilities have occurred at multiple organizations [82202].
Phase (Design/Operation) unknown The articles do not provide specific information about a software failure incident occurring due to the development phases related to design or operation.
Boundary (Internal/External) within_system, outside_system The software failure incident discussed in the articles can be categorized as both within_system and outside_system: (a) within_system: The failure is within the system as it involves vulnerabilities in how sites implemented TLS encryption schemes and failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer [82202]. (b) outside_system: The failure is also influenced by factors outside the system, such as the interconnectedness of the web and dependencies between URLs and hosts that can amplify TLS vulnerabilities across different sites [82202].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: The article discusses how researchers found potentially exploitable TLS vulnerabilities in a surprising number of encrypted sites. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer. The vulnerabilities were subtle enough that the green padlock indicating secure connection would still appear, but they could potentially allow attackers to decrypt traffic passing through flawed encryption channels. These vulnerabilities were categorized as "partially leaky," "leaky," and "tainted," with the most severe being the "tainted" vulnerabilities that could not only decrypt traffic but also modify or manipulate it [82202]. (b) The software failure incident occurring due to human actions: The article mentions that many of the TLS vulnerabilities found were not necessarily critical vulnerabilities and might not be appealing targets for hackers because they would take more effort and be more conspicuous to abuse in an attack than other common vulnerabilities. The article emphasizes the importance of web developers employing modern HTTP antitampering techniques to address these vulnerabilities. It also highlights the struggle of a surprisingly large number of high-traffic sites in handling cookies on web servers and using decent TLS, indicating potential shortcomings in human actions related to web development and security practices [82202].
Dimension (Hardware/Software) unknown The articles do not provide information about a software failure incident related to hardware or software failures.
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident discussed in the articles is non-malicious. The failure is related to TLS vulnerabilities in websites, which were caused by issues in how sites implemented encryption schemes and failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer [82202]. The vulnerabilities were not necessarily critical vulnerabilities and might not be appealing targets for hackers due to the effort and conspicuousness required to exploit them [82202]. (b) The software failure incident is non-malicious as it was not caused by any malicious intent but rather by unintentional flaws in the implementation of TLS encryption on websites [82202].
Intent (Poor/Accidental Decisions) poor_decisions The software failure incident discussed in the articles is related to poor_decisions. The failure was due to a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer [82202]. The vulnerabilities found in the TLS encryption channels between browsers and web servers could potentially allow attackers to decrypt traffic, modify it, or conduct "man in the middle" attacks, which are precisely what HTTPS encryption aims to prevent. The flaws were subtle enough that the green padlock indicating secure connection would still appear, highlighting the severity of the vulnerabilities introduced by these poor decisions in implementing and maintaining secure encryption protocols.
Capability (Incompetence/Accidental) development_incompetence (a) The article discusses software failure incidents related to development incompetence, specifically in the context of TLS vulnerabilities in HTTPS sites. Researchers found that a surprising number of encrypted sites had potentially exploitable TLS vulnerabilities due to issues in how sites implemented TLS encryption schemes and failures to patch known bugs in TLS and its predecessor, Secure Sockets Layer [82202]. (b) The article does not provide information on software failure incidents occurring due to accidental factors.
Duration unknown The articles do not provide information about the duration of the software failure incident being permanent or temporary.
Behaviour value, other (a) crash: The articles do not mention any software failure incident related to a crash. (b) omission: The articles do not mention any software failure incident related to omission. (c) timing: The articles do not mention any software failure incident related to timing. (d) value: The software failure incident discussed in the articles is related to the system performing its intended functions incorrectly. Specifically, the vulnerabilities in TLS encryption schemes and failures to patch known bugs led to flaws that could potentially allow attackers to decrypt, modify, or manipulate traffic passing through the affected sites [82202]. (e) byzantine: The articles do not mention any software failure incident related to a byzantine behavior. (f) other: The software failure incident described in the articles involves subtle TLS vulnerabilities that could potentially allow attackers to decrypt, modify, or manipulate traffic passing through affected sites. These vulnerabilities are not necessarily critical but could still be exploited, although they might not be appealing targets for hackers due to the effort and visibility required for abuse [82202].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, theoretical_consequence (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident discussed in the article pertains to TLS vulnerabilities in HTTPS sites, which could potentially expose sensitive data such as travel plans, passwords, and session cookies to attackers. These vulnerabilities could allow attackers to decrypt traffic passing through flawed encryption channels, potentially leading to the exposure and manipulation of data. While the flaws found may not necessarily be critical vulnerabilities, they could still be potentially exploitable, posing a risk to users' data security and privacy [82202].
Domain information The software failure incident discussed in the article is related to the information industry. The incident involves vulnerabilities in the Transport Layer Security (TLS) encryption schemes used by websites to protect data exchanged between browsers and web servers [82202]. The vulnerabilities identified by researchers at Ca' Foscari University of Venice and Tu Wien in Austria could potentially expose sensitive information such as travel plans, passwords, and other data to attackers [82202]. The flaws in the TLS implementation on various websites could lead to data leakage and manipulation, compromising the security and privacy of users [82202]. The incident highlights the importance of addressing these vulnerabilities to ensure the secure transmission of information over the web [82202].

Sources

Back to List