CVE-2018-16115 in Akka
Summary
by MITRE
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster.
Analysis
by VulDB Data Team • 03/19/2020
CVE-2018-16115 is a critical cryptographic vulnerability in Lightbend Akka 2.5.x before 2.5.16. It affects the random number generator implementations used by Akka Remoting for TLS, specifically the AES128CounterSecureRNG and AES256CounterSecureRNG generators that the framework carried for historical reasons. Their output begins to repeat after only a few bytes, which removes the unpredictability that a cryptographic random number generator exists to provide. The weakness is classified as CWE-330 (Use of Insufficiently Random Values), reflecting the inadequate entropy and predictability of the generated sequences.
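As an added illustration of the failure mode described above (not Akka's code), the following Python models a counter-mode generator whose counter never advances, with SHA-256 standing in for the AES block function, and a self-test that flags output repeating within a few bytes:

```python
import hashlib
import secrets
from typing import Dict, Optional


def ctr_keystream(key: bytes, nbytes: int, advance_counter: bool) -> bytes:
    """Counter-mode generator shaped like an AES*CounterSecureRNG.

    SHA-256(key || counter) is a constructed stand-in for the AES block
    function; this is not Akka's code. With advance_counter=False the
    counter never moves, so the output repeats after a single block, the
    symptom the advisory describes.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(16, "big")).digest()
        if advance_counter:
            counter += 1
    return bytes(out[:nbytes])


def first_repeat(stream: bytes, block: int = 16) -> Optional[int]:
    """Offset at which a `block`-byte window first recurs, or None.

    Every window is checked, not only aligned ones, so any repetition
    period up to len(stream) - block is detected. A healthy CSPRNG should
    return None for any practical sample size.
    """
    seen: Dict[bytes, int] = {}
    for i in range(len(stream) - block + 1):
        window = stream[i:i + block]
        if window in seen:
            return i
        seen[window] = i
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    for label, advance in (("stuck counter", False), ("advancing counter", True)):
        pos = first_repeat(ctr_keystream(key, 4096, advance))
        print(f"{label}: " + ("no repeat in 4096 bytes" if pos is None else f"repeats at byte {pos}"))
```

The same window check can be run over bytes drawn from any configured generator as a cheap regression test that would have caught this class of bug.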
The vulnerability affects both classic and Artery Remoting and therefore the security of the channels between distributed Akka nodes. An attacker able to observe or influence network traffic can exploit the weak generator to compromise the confidentiality, integrity and authenticity of messages carried over Akka Remoting and Cluster: eavesdropping on sensitive data exchanged between nodes, replaying legitimate messages, and modifying data in transit. The risk is heightened because the custom generators were not enabled by default but appeared prominently in documentation examples, so developers may have adopted the insecure configuration without realizing it.
Exploitation aligns with MITRE ATT&CK tactics related to credential access and defense evasion through cryptographic attacks. An attacker could use the weakness to establish persistent access within a distributed system and potentially compromise entire clusters of interconnected Akka applications. The case is a classic example of an insecure cryptographic implementation: a predictable random number generator directly enables man-in-the-middle attacks and session hijacking. Organizations running Akka-based distributed systems that have not upgraded to 2.5.16 or later face a significant risk of data breach and system compromise, since the insecure generators can be enabled through configuration files following the documentation examples. Because the flaw sits in the communication layer itself, the impact reaches whole distributed architectures, which makes it particularly dangerous in enterprise environments where Akka carries critical communication infrastructure.
Mitigation should begin with an immediate upgrade to Akka 2.5.16 or later, which contains the corrected random number generator implementations. Organizations must also review their configuration to confirm that the custom generators are not used in production, paying particular attention to settings copied from documentation examples and code samples that inadvertently recommended them. Security teams should monitor network traffic for unusual patterns that might indicate exploitation attempts and review system logs for configuration changes that may have enabled the vulnerable generators. Network segmentation and additional security layers can limit the impact of a successful attack, since the vulnerability undermines the security of the communication channels themselves. Remediation should conclude with comprehensive testing of the upgraded systems to confirm that the fix is in place and that no other insecure cryptographic configuration remains.
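The configuration review above can be automated; this added Python scanner (not part of the page or of Akka) walks an Akka HOCON config and reports any TLS RNG setting that names the weak generators. The two setting paths for classic and Artery remoting are assumed from Akka's reference configuration, and the sample config is constructed.

```python
import re
from typing import List, Tuple

# Weak generators named in CVE-2018-16115 (Akka 2.5.x before 2.5.16).
WEAK_RNGS = {"AES128CounterSecureRNG", "AES256CounterSecureRNG"}

# Settings selecting the TLS RNG for classic and Artery remoting (assumed
# from Akka's reference configuration; the page does not quote them).
RNG_KEYS = {
    "akka.remote.netty.ssl.security.random-number-generator",
    "akka.remote.artery.ssl.config-ssl-engine.random-number-generator",
}

# HOCON subset seen in Akka configs: `key {` blocks and `key = value` lines.
_OPEN = re.compile(r'^"?([\w.\-]+)"?\s*[:=]?\s*\{$')
_KV = re.compile(r'^"?([\w.\-]+)"?\s*[:=]\s*(.*)$')


def find_weak_rng(conf: str) -> List[Tuple[int, str, str]]:
    """Return (line, dotted path, value) for each weak RNG setting found."""
    stack: List[str] = []  # enclosing block names, joined into dotted paths
    hits: List[Tuple[int, str, str]] = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].split("//", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif (m := _OPEN.match(line)):
            stack.append(m.group(1))
        elif (m := _KV.match(line)):
            path = ".".join(stack + [m.group(1)])  # dotted keys join naturally
            value = m.group(2).strip().strip('"')
            if path in RNG_KEYS and value in WEAK_RNGS:
                hits.append((lineno, path, value))
    return hits


# Constructed sample resembling the old documentation examples.
SAMPLE_CONF = """\
akka {
  remote {
    netty.ssl.security {
      random-number-generator = "AES128CounterSecureRNG"  # copied from docs
    }
    artery.ssl.config-ssl-engine.random-number-generator = "AES256CounterSecureRNG"
  }
}
"""

if __name__ == "__main__":
    for lineno, path, value in find_weak_rng(SAMPLE_CONF):
        print(f"line {lineno}: {path} = {value} (weak before Akka 2.5.16)")
```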