A new OpenSSL Security Advisory titled ‘Alternative chains certificate forgery (CVE-2015-1793)’ has been issued. It states:
‘During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate.
This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.’
This is a serious threat to any system that relies on an affected OpenSSL release (1.0.1n, 1.0.1o, 1.0.2b or 1.0.2c) to verify certificates, which includes many VPN clients and servers. Because the CA flag can go unchecked, an attacker holding any validly issued leaf certificate can sign a certificate for any other name, and an affected client will accept it as if a trusted CA had issued it. No CA needs to be compromised, so forging a certificate that an affected OpenSSL build will trust becomes easy, and man-in-the-middle attacks on TLS connections become practical. OpenSSL 1.0.0 and 0.9.8 are not affected.
Sensibly, details of this vulnerability (which was reported to OpenSSL on 24 June 2015) were not released until fixed versions were ready: OpenSSL 1.0.1p and 1.0.2d, published together with the advisory on 9 July 2015.
We strongly suggest that all VPN users contact their providers to ensure that they have updated their websites, servers and clients with a patched version of OpenSSL (1.0.1p or 1.0.2d, or later).
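As an added illustration (this script is not from the original article or from the OpenSSL project), the POSIX shell script below first flags the four releases the advisory names as affected, then uses the openssl command line to build the situation the advisory describes: a root CA, an end-entity certificate issued by it with CA:FALSE, and a third certificate signed by that end-entity key. A correct verifier must refuse the third certificate, and the function returns success when it does. The certificate names, the temporary-directory layout and the minimal req config are the script's own assumptions. Note that this simple chain exercises the CA-flag check on the direct path only; it does not reproduce the alternative-chain code path that the affected releases mishandled, so it is a sanity check on a patched build rather than a detector for the bug (the version check is the detector).

```shell
#!/bin/sh
# Added example, not from the original article or the OpenSSL project:
# (1) flag the four OpenSSL releases the advisory lists as affected, and
# (2) confirm that the local openssl binary refuses a certificate that was
#     "issued" by an ordinary end-entity (CA:FALSE) certificate.
# This exercises the CA-flag check on a direct chain only; it does not
# reproduce the alternative-chain code path that CVE-2015-1793 needed.
set -e

# Affected releases per the OpenSSL advisory of 9 July 2015; the fixed
# releases are 1.0.1p and 1.0.2d.
openssl_vulnerable_version() {
    case "$1" in
        1.0.1n|1.0.1o|1.0.2b|1.0.2c) return 0 ;;   # in the affected set
        *) return 1 ;;                              # not in the affected set
    esac
}

# Second field of "openssl version", e.g. "1.0.2c" or "3.0.13".
openssl_version_string() {
    openssl version | awk '{print $2}'
}

# Builds root -> leaf (CA:FALSE) -> "bad" in a temp dir and runs
# "openssl verify". Returns 0 if verification is refused (correct
# behaviour) and 1 if the leaf was accepted as an issuer. The output is
# checked for ": OK" because "openssl verify" in 1.0.x exits 0 even when
# verification fails.
leaf_as_ca_rejected() {
    tmp=$(mktemp -d)
    # Minimal req config so the script does not depend on a system openssl.cnf
    # (assumed layout; the subject is supplied with -subj).
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$tmp/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$tmp/ca.ext"
    printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > "$tmp/ee.ext"
    for name in root leaf bad; do
        openssl req -new -newkey rsa:2048 -nodes -config "$tmp/req.cnf" \
            -keyout "$tmp/$name.key" -out "$tmp/$name.csr" \
            -subj "/CN=example-$name" >/dev/null 2>&1
    done
    # Self-signed root CA (the only trust anchor used by verify below).
    openssl x509 -req -sha256 -days 1 -in "$tmp/root.csr" -signkey "$tmp/root.key" \
        -extfile "$tmp/ca.ext" -out "$tmp/root.pem" >/dev/null 2>&1
    # A legitimately issued end-entity certificate; in the attack scenario the
    # attacker owns this certificate and its private key.
    openssl x509 -req -sha256 -days 1 -in "$tmp/leaf.csr" -CA "$tmp/root.pem" \
        -CAkey "$tmp/root.key" -CAcreateserial -extfile "$tmp/ee.ext" \
        -out "$tmp/leaf.pem" >/dev/null 2>&1
    # The forgery: the leaf key signs a certificate for another name.
    openssl x509 -req -sha256 -days 1 -in "$tmp/bad.csr" -CA "$tmp/leaf.pem" \
        -CAkey "$tmp/leaf.key" -CAcreateserial -extfile "$tmp/ee.ext" \
        -out "$tmp/bad.pem" >/dev/null 2>&1
    # Verify "bad" with the root trusted and the leaf offered as an untrusted
    # intermediate, which is how a TLS client would see the chain.
    out=$(openssl verify -CAfile "$tmp/root.pem" -untrusted "$tmp/leaf.pem" \
        "$tmp/bad.pem" 2>&1 || true)
    rm -rf "$tmp"
    case "$out" in
        *": OK"*) return 1 ;;   # leaf accepted as a CA: the check was bypassed
        *)        return 0 ;;   # rejected, e.g. "invalid CA certificate"
    esac
}

ver=$(openssl_version_string)
if openssl_vulnerable_version "$ver"; then
    echo "OpenSSL $ver is one of the affected releases; upgrade to 1.0.1p / 1.0.2d or later"
else
    echo "OpenSSL $ver is not one of the four affected releases"
fi
if leaf_as_ca_rejected; then
    echo "openssl verify correctly rejects a certificate issued by a CA:FALSE leaf"
else
    echo "WARNING: a certificate issued by a CA:FALSE leaf was accepted"
fi
```

The version test is deliberately an exact match on the four release strings rather than a range comparison: distributions such as Debian and Red Hat backport fixes without changing the upstream version number, so anything beyond a match on the affected upstream releases would have to consult the vendor's own advisory. The chain test is useful after an upgrade of a client that bundles its own OpenSSL, provided the script is pointed at that bundled binary rather than the system one.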
Patched versions of the generic open source OpenVPN client for Windows (the I003 and I603 installers) are available, as are patched versions of Viscosity for OS X and Windows. Tunnelblick for OS X remains unpatched at the time of writing, but will hopefully be updated soon. Note that these clients bundle their own copy of OpenSSL, so updating the operating system does not fix them; the client itself has to be updated.
Most modern browsers are unaffected, as none of them use OpenSSL to verify certificates: Google Chrome uses BoringSSL for TLS together with the operating system's certificate verifier, Mozilla Firefox uses NSS with its own mozilla::pkix verifier, Microsoft Internet Explorer uses SChannel, and Apple's Safari on OS X and iOS uses Secure Transport. Older Android devices do use OpenSSL, but the bug was introduced only in the June 2015 releases (1.0.1n and 1.0.2b), so the older builds shipped on those devices do not contain it; Google's chief cryptography engineer, Adam Langley, has stated that they are unaffected.