Duo Security’s Response to OpenSSL Heartbleed
tl;dr: Duo’s cloud service was fully patched and protected against Heartbleed within hours of the vulnerability being publicly disclosed.
UPDATE - 2014/04/15 - The SSL certificates for all Duo services have been re-key'ed.
Read on for the full details.
Overview of Heartbleed
Earlier this week, researchers disclosed a critical vulnerability in recent versions of the OpenSSL library. This vulnerability, officially identified as CVE-2014-0160, and also known as the “heartbleed” bug - is a simple flaw in how OpenSSL implements support for the TLS “heartbeat” extension. We recommend reading the full description and analysis posted by researchers on http://heartbleed.com, but here’s a quick summary:
- By sending a malformed TLS heartbeat request, an unauthenticated client can read arbitrary chunks of memory from servers built using OpenSSL, and vice-versa (i.e. servers can also read arbitrary memory from OpenSSL-based clients).
- In practice, these memory chunks can contain all kinds of sensitive information, including any usernames / passwords / cookies / etc. transmitted through SSL / TLS connections to other clients or servers.
- In some cases, researchers were even able to extract the private keys used to secure and authenticate the SSL / TLS connections themselves.
The OpenSSL library is an integral component in many of the systems that run the internet; some have reported that as many as two-thirds of the web servers on the internet are built using OpenSSL (though not necessarily using one of the vulnerable versions - 1.0.1 through 1.0.1f).
Duo Security's Response
Upon learning of the vulnerability on Monday, we immediately began evaluating the issue and its patch, and proceeded to push updated OpenSSL libraries to all of our production infrastructure on Monday evening. Since then, we have been working to determine the full scope of the issue and ensure that all of our customers are fully protected against any further consequences from this bug.
When designing our two-factor authentication platform, we made a concerted effort to build mechanisms that would remain robust against a failure in a single security layer (e.g. SSL / TLS). This approach is commonly known as “defense-in-depth.”
One relevant example is that we designed our APIs to use request signatures (e.g. as documented on Duo Security's API Documentation) for authentication, rather than directly sending API keys over SSL.
This was a conscious trade-off: requiring request signatures does make it somewhat more difficult to build custom API clients to communicate with our service, but it also makes it much less likely that our customers’ API secrets themselves can be compromised, even when serious vulnerabilities are found in the SSL/TLS protocols or their various implementations.
(In the specific case of the “heartbleed” bug, we use a dedicated reverse-proxy to perform “SSL termination” on our API traffic; it runs in a process distinct from application logic that validates API signatures. So, if an attacker had managed to dump memory from our proxy containing an API request, he would only be able to see the API signature, not the actual secrets used to generate it).
Next Steps for Our Customers
Our integration software packages themselves are not vulnerable and do not need to be upgraded. Duo-provided copies of OpenSSL have never been vulnerable to this bug.
However, if your operating system or other software includes a copy of OpenSSL we recommend you ensure it is up-to-date.
In addition, several of the products with which we integrate may also be affected by this bug - particularly, devices like SSL-VPNs.
- Juniper Networks has posted an advisory for their affected products, and has released updated firmwares distributions for their (IVEOS) SSL-VPNs:
- Cisco has posted a preliminary advisory at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
- The OpenVPN project has posted some information at https://community.openvpn.net/openvpn/wiki/heartbleed
We’d recommend reaching out to any other relevant vendors to determine what actions are required.
We believe that the “heartbleed bug” serves as yet another case study in the need to deploy strong authentication across the internet. Among many other things, this vulnerability is yet another opportunity for bad guys to steal passwords at scale. Much as we deployed the principle of “defense in depth” to protect our own architecture, deploying Duo can protect your users against many circumstances in which one security layer (i.e. their passwords) fails.
Have more questions or comments? Contact Support at firstname.lastname@example.org.