Security Advisory Description
Cerberus FTP Server versions prior to 12.2.0 and 11.3.10 are vulnerable to a SSL/TLS Triple Handshake attack. In a previous blog post, we discussed functionality to limit vulnerabilities due to renegotiation attacks. miTLS describe the Triple Handshake (3SHAKE) vulnerability as a Man-in-the-Middle (MitM) attack relying on a combination of standard renegotiation and resumption. And while we have addressed renegotiation, there may exist a version that can use resumption only. In order to eliminate this possibility, we have implemented RFC 7627. The TLS extended master secret (EMS) extension includes a hash of the initial handshake messages in the session hash which in turn is used in the master secret derivation. The inclusion of EMS eliminates an entire class of potential attacks when supported by both client and server.
We have been unable to find evidence of active exploitation of 3SHAKE or any proof-of-concept implementations. However, given the state of the security landscape and the rise of nation-state and coordinated group attacks, we felt it was worthwhile to implement these updates. Finally, this addition should help some customers who use automated scanning utilities avoid undue warnings.
A few open source scanners that will test for 3SHAKE include Tripwire’s TLS Extended Master Secret Extension Checker and FBK-ICT’s TLSAssistant.
Scope
- This potential vulnerability impacts all editions of Cerberus FTP Server.
Known Affected Versions
- 12.0 releases prior to 12.2.0
- 11.0 releases prior to 11.3.10
- 10.0 and earlier are also affected. These versions are out of support and no longer receive updates.
Mitigation
This issue is addressed in version 12.2.0 and 11.3.10. As always, Cerberus Administrators are urged to upgrade to these versions or higher as soon as possible. There are no known mitigations beyond limiting connection access to the server.
Credit
This vulnerability was discovered and reported by one of our valued customers. Special thanks for their efforts.