CVE-2022-1343 in OpenSSL
Summary
by MITRE • 05/03/2022
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 11/26/2024
The vulnerability described in CVE-2022-1343 resides within the OpenSSL library's OCSP_basic_verify function, which is responsible for validating the signer certificate of Online Certificate Status Protocol responses. This function operates under specific flag conditions that determine how certificate verification is performed, creating a critical inconsistency in the verification process that can lead to false positive results. The issue manifests specifically when the OCSP_NOCHECKS flag is utilized during OCSP response validation, a non-default configuration that bypasses normal certificate verification procedures. This vulnerability represents a fundamental flaw in certificate validation logic that directly impacts the security posture of systems relying on OCSP responses for certificate status verification.
The technical flaw in this vulnerability stems from improper handling of certificate verification outcomes when specific flags are applied to the OCSP_basic_verify function. Under normal operation without the OCSP_NOCHECKS flag, the function correctly returns a negative value indicating verification failure when certificate validation does not succeed, which aligns with expected behavior and security protocols. However, when the OCSP_NOCHECKS flag is present, the function incorrectly returns a positive value indicating successful verification even when the signing certificate fails to validate properly. This creates a dangerous scenario where systems believe certificate validation has succeeded when it has actually failed, undermining the entire certificate validation process. The inconsistency in return values violates standard security expectations and creates a potential attack vector where malicious actors could exploit this behavior to bypass certificate validation entirely.
The operational impact of this vulnerability extends beyond the library's internal functions to affect the command line OpenSSL ocsp application, which demonstrates the widespread nature of the issue. When users employ the "-no_cert_checks" option in the command line interface, they receive contradictory feedback where error messages clearly indicate certificate verification failures while simultaneously reporting successful verification results. This contradictory behavior creates confusion for administrators and security professionals who rely on accurate validation feedback to make security decisions. The vulnerability affects OpenSSL versions 3.0.0 through 3.0.2, representing a significant window where systems using these versions could be compromised without detection, as the flawed verification process would silently accept invalid OCSP responses. This vulnerability directly impacts certificate validation workflows that depend on OCSP responses for determining certificate status and trustworthiness.
This vulnerability aligns with CWE-254, which addresses weaknesses in cryptographic implementations related to improper certificate validation, and can be mapped to ATT&CK technique T1556.401, which covers credential manipulation through certificate validation bypasses. The flaw essentially allows attackers to bypass certificate validation checks that should prevent the acceptance of invalid or compromised certificates, creating a pathway for man-in-the-middle attacks or certificate impersonation. Organizations relying on OpenSSL for secure communications and certificate validation are particularly vulnerable, as this issue affects fundamental security mechanisms that protect against certificate-based attacks. The vulnerability's impact is exacerbated by the fact that most users of OpenSSL would not intentionally use the OCSP_NOCHECKS flag, making the issue more insidious and harder to detect in production environments where security is paramount.
The mitigation strategy for this vulnerability requires immediate upgrade to OpenSSL version 3.0.3 or later, where the issue has been properly addressed through corrected certificate validation logic. System administrators should review all configurations that might utilize the OCSP_NOCHECKS flag or related certificate checking options and ensure they are not inadvertently enabling this vulnerable behavior. Security monitoring should be enhanced to detect inconsistent verification results where error messages contradict success indicators, as this pattern may indicate exploitation attempts. Additionally, organizations should implement comprehensive certificate validation testing procedures to ensure that their systems correctly identify certificate validation failures and maintain proper security posture against potential certificate-based attacks. The fix implemented in OpenSSL 3.0.3 ensures that the function properly returns negative values when certificate verification fails, regardless of flag usage, restoring the expected security behavior and eliminating the possibility of false positive verification results.