High-Severity OpenSSL Vulnerability Exposes RPK-Authenticated TLS/DTLS Connections to Man-in-the-Middle Attacks

A high-severity vulnerability tracked as CVE-2024-12797 has been identified in OpenSSL, one of the most widely used cryptographic libraries; the OpenSSL Project published its advisory on 11 February 2025.

The flaw, reported to the OpenSSL Project by Apple Inc. in December 2024, affects OpenSSL 3.2, 3.3 and 3.4 and can allow man-in-the-middle (MitM) attacks on Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) connections in which the client authenticates the server with an RFC 7250 Raw Public Key (RPK) instead of an X.509 certificate chain.

Understanding the Vulnerability

The vulnerability stems from improper handling of server authentication failures during TLS/DTLS handshakes when the server authenticates with an RFC 7250 Raw Public Key.

Specifically, when a client enables RPK use by the server and sets the SSL_VERIFY_PEER verification mode, the handshake does not abort as expected if the server's raw public key fails to match any of the expected public keys.

The client therefore carries on with a connection whose peer was never authenticated, which is exactly the position a man-in-the-middle needs.

RPKs are an alternative to traditional X.509 certificates and are disabled by default in both TLS clients and servers.

The issue only arises when the client explicitly enables RPK use by the server and the server likewise enables sending an RPK instead of an X.509 certificate chain; in that configuration an attacker holding any key pair could impersonate the server, intercept communications, or modify data exchanged between client and server.

The issue was introduced with the initial implementation of RPK support in OpenSSL 3.2.

Clients that rely on the handshake to fail under these conditions are at risk; clients that enable RPKs but still call SSL_get_verify_result() after the handshake and act on any result other than X509_V_OK are not affected.

Impact and Affected Versions

The vulnerability primarily affects systems that use OpenSSL versions 3.2, 3.3, and 3.4 with RPK functionality enabled.

Earlier versions such as OpenSSL 3.1, 3.0, 1.1.1, and 1.0.2 remain unaffected due to the absence of RPK support in these releases.

Impacted systems are exposed to MitM attacks where attackers can intercept or manipulate sensitive data during transmission over vulnerable TLS/DTLS connections.

While the issue is severe, its scope is limited to scenarios where both client and server explicitly enable RPKs.

To mitigate this risk, the OpenSSL Project has released updated versions addressing the flaw:

  • OpenSSL 3.4 users should upgrade to version 3.4.1.
  • OpenSSL 3.3 users should upgrade to version 3.3.3.
  • OpenSSL 3.2 users should upgrade to version 3.2.4.

The fixes were developed by Viktor Dukhovni following Apple’s report of the issue.

Recommendations and Next Steps

Organizations using affected OpenSSL versions are strongly urged to upgrade immediately to patched releases to mitigate potential risks associated with CVE-2024-12797.

For developers and administrators:

  1. Ensure that RPK functionality is disabled unless explicitly required.
  2. For clients relying on RPKs, check the outcome explicitly after the handshake with SSL_get_verify_result() and treat anything other than X509_V_OK as an authentication failure.
  3. Follow best practices for securing TLS/DTLS configurations by using X.509 certificates where possible.

The vulnerability highlights the importance of rigorous testing when implementing new cryptographic features like RPKs in widely used libraries such as OpenSSL.

For further details on this advisory, refer to OpenSSL’s official security bulletin.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
