CVE-2023-0547: Unchecked OCSP Revocation Status of Recipient Certificates in Thunderbird S/MIME Encrypted Email

A vulnerability (CVE-2023-0547) has been identified in Mozilla Thunderbird, an open-source email client: the OCSP (Online Certificate Status Protocol) revocation status of recipient certificates was not checked when sending S/MIME encrypted email. Thunderbird versions 68 through 102.9.1 therefore accepted revoked recipient certificates without warning. This matters because a CA typically revokes a certificate precisely because its private key has been compromised; a sender using an affected version would encrypt to that key anyway, and whoever holds it could read the message.

In this post, we will discuss the details of this vulnerability, provide code snippets that demonstrate the issue, and share links to original references for further information.

Code Snippet:

The following snippet is an illustrative Python sketch (using M2Crypto) of the sending logic, not Thunderbird's own code, which implements S/MIME in C++ on top of NSS. It shows where the revocation check belongs and that it is absent:

from M2Crypto import BIO, SMIME, X509

def send_encrypted_email(smtp_connection, to, subject, body):
    # Illustrative only: models the vulnerable behaviour, not Thunderbird's code
    smime = SMIME.SMIME()

    # Load the sender's signing key and certificate (the default callback
    # prompts for the passphrase); this sketch only encrypts, it does not sign
    smime.load_key('signer_key.pem', 'signer_cert.pem')

    # Load the recipient's certificate, i.e. the public key we encrypt to
    recipient_cert = X509.load_cert('recipient_cert.pem')

    # The OCSP revocation check on recipient_cert belongs here and is
    # deliberately absent: this is the omission in Thunderbird 68 to 102.9.1.
    # A fixed client asks the certificate's OCSP responder for its status and
    # refuses to encrypt unless the answer is "good".

    # Encrypt the body to the recipient's certificate
    recipients = X509.X509_Stack()
    recipients.push(recipient_cert)
    smime.set_x509_stack(recipients)
    smime.set_cipher(SMIME.Cipher('aes_256_cbc'))
    p7 = smime.encrypt(BIO.MemoryBuffer(body.encode('utf-8')))

    # Serialise the PKCS#7 envelope as a complete S/MIME message
    out = BIO.MemoryBuffer()
    out.write(b'From: sender@example.com\r\n')
    out.write(('To: %s\r\n' % to).encode('utf-8'))
    out.write(('Subject: %s\r\n' % subject).encode('utf-8'))
    smime.write(out, p7)

    # Send the email
    smtp_connection.sendmail('sender@example.com', [to], out.read())

In this sketch the sender's signing key (signer_key.pem) and the recipient's certificate (recipient_cert.pem) are loaded, and the body is encrypted to the recipient's certificate. The step that is missing, and that the affected Thunderbird versions likewise skipped, is asking the certificate's OCSP responder whether the issuing CA has revoked it. Without that step the client encrypts to a key that may already be known to be compromised.

Exploiting the flaw takes more than the revoked certificate, which is public; the attacker needs the matching private key. Since revocation is usually the CA's response to exactly that compromise, the scenario is:

1. Obtain the private key belonging to a certificate that has since been revoked (for example, a key that was stolen and then reported to the CA).

2. Obtain S/MIME messages that a vulnerable Thunderbird client encrypted to that certificate, whether intercepted in transit or taken from a mailbox or mail store.

3. Decrypt and read those messages, or, if positioned in the delivery path, alter and re-encrypt them, with neither sender nor recipient warned, because the sending client never consulted the revocation status.

Because the check is absent, encrypting to a revoked certificate proceeds silently, and the protection that revocation is meant to provide after a key compromise is lost.

Original References:

For more information about this vulnerability, please check the official CVE Record, Mozilla Security Advisory, and Thunderbird Release Notes:

1. CVE-2023-0547 - National Vulnerability Database
2. Mozilla Security Advisory - Unchecked OCSP Revocation Status in Thunderbird
3. Thunderbird Release Notes - Version 102.10

Mitigation

To address this vulnerability, all Thunderbird clients running versions 68 through 102.9.1 should be updated to Thunderbird 102.10 or newer. From that version the OCSP revocation status of recipient certificates is checked when sending S/MIME encrypted email, so revoked certificates are no longer accepted silently. Two caveats for practitioners: the check can only help if OCSP is enabled and the responder is reachable (Thunderbird's OCSP behaviour is governed by the security.OCSP.enabled and security.OCSP.require preferences), and the fix protects new messages only; anything already encrypted to a compromised key stays readable to whoever holds that key, since S/MIME offers no forward secrecy.

By understanding the risks and taking appropriate precautions, users of Thunderbird can ensure their S/MIME encrypted email communications remain secure and uncompromised.

Timeline

Published on: 06/02/2023 17:15:00 UTC
Last modified on: 06/09/2023 17:51:00 UTC