OpenVPN Easy-RSA Vulnerability Enables Bruteforce of Private CA Key

A critical vulnerability (CVE-2024-13454) has been identified in Easy-RSA versions 3.0.5 through 3.1.7 when used with OpenSSL 3. 

This flaw allows private Certificate Authority (CA) keys to be encrypted using the outdated and weak cipher DES-EDE3-CBC (commonly referred to as 3DES), making them susceptible to brute-force attacks.

Easy-RSA, a utility for managing Public Key Infrastructure (PKI) for OpenVPN, is designed to create and manage CA keys. 

The company claimed, however, that when the easyrsa build-ca command is executed on systems running OpenSSL 3, the CA private key is encrypted using DES-EDE3-CBC instead of the expected stronger algorithm, AES-256-CBC. 

This discrepancy stems from a misconfiguration in Easy-RSA’s default settings for encryption algorithms.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

The vulnerability significantly reduces the computational effort required by attackers to bruteforce the CA private key, potentially compromising the entire PKI infrastructure. This could allow attackers to forge certificates and intercept encrypted communications.

Impact of the Vulnerability

• Affected Versions: Easy-RSA versions 3.0.5 through 3.1.7 on systems using OpenSSL 3.
• Unaffected Versions: Easy-RSA versions prior to 3.0.5 and version 3.2.0 or newer.
• Encryption Algorithms: Vulnerable keys use DES-EDE3-CBC, while secure configurations use AES-256-CBC.

Mitigation Steps

Re-encrypt Existing Keys: Run the command easyrsa set-pass ca re-encrypt the CA private key with the correct cipher (AES-256-CBC). This command is compatible with all versions of Easy-RSA.

Upgrade Easy-RSA: Update to Easy-RSA version 3.2.0 or later, which resolves this issue by ensuring proper encryption algorithms are used by default.

Verify OpenSSL Version: Ensure your system uses a secure version of OpenSSL. Versions 1.x are not affected by this issue, while OpenSSL 3 should be updated to its latest secure release.

However, for Easy-RSA versions 3.0.9 through 3.1.7, it was discovered that the set-rsa-pass and set-ec-pass changed the CA key format from PKCS12 to PKC8.

Hence, the vulnerability underscores the importance of regularly auditing cryptographic tools and configurations to ensure compliance with modern security standards.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar