The Bouncy Castle Java Cryptography APIs are a popular library for adding cryptography functions to Java applications. Recently, a vulnerability was discovered (identified as CVE-2024-34447) in versions before Bouncy Castle 1.78. This vulnerability could potentially cause hostname verification to be performed against a DNS-resolved IP address instead of the actual hostname, as detailed in the original advisory [1], creating a risk for DNS poisoning.

Detailed Description of the Vulnerability

The vulnerability lies in the BCJSSE (Bouncy Castle Java Secure Socket Extension), which is used for creating SSL sockets in Java applications. Specifically, when endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as is often the case with HttpsURLConnection), hostname verification might be performed against a DNS-resolved IP address.

This becomes an issue because an attacker who is able to poison the DNS resolution process or manipulate the DNS cache can then trick SSL connections into being made with a different (and potentially malicious) server. This effectively creates a man-in-the-middle attack situation, where the attacker can eavesdrop on or even alter transmitted data between the victim and the impersonated server. The exploit details and a proof of concept are provided in the original advisory [2].

A Simple Code Snippet

The following code snippet demonstrates the creation of an SSL socket using HttpsURLConnection without an explicit hostname. This code is affected by the vulnerability.

import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class CVE202434447 {
    public static void main(String[] args) {
        try {
            URL url = new URL("https://example.com");
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            // ... perform connection and data exchange
            conn.disconnect();
        } catch (Exception e) {
            // Handle exception
        }
    }
}

Mitigation and Patch

The developers of Bouncy Castle have released a patch to fix this issue in version 1.78 [3]. The new version resolves this problem by ensuring that when endpoint identification is enabled in the BCJSSE, the SSL socket's hostname verification is performed using the actual hostname. Users of Bouncy Castle are strongly encouraged to update to version 1.78 to protect their applications against this vulnerability.

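To ensure that your Bouncy Castle library is up to date, update the version in your project's build configuration, and update every other org.bouncycastle artifact your build uses to the same release. The BCJSSE provider ships in the bctls artifact, and the 1.78 release is published under the jdk18on coordinates (the jdk15on artifacts stopped at an earlier release). For example, in Maven:

<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bctls-jdk18on</artifactId>
  <version>1.78</version>
</dependency>

Or in Gradle:

implementation 'org.bouncycastle:bctls-jdk18on:1.78'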
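
The condition described above is an SSL socket created without an explicit hostname. As an added example (not code from the advisory or from Bouncy Castle, and not a substitute for upgrading), the sketch below uses only standard JSSE calls to create the socket with the hostname, enable endpoint identification, and send the same name in SNI; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added illustration, not Bouncy Castle code. Class and method names are hypothetical.
public class ExplicitHostnameTls {

    // Opens a TLS socket whose certificate check is bound to the requested hostname.
    static SSLSocket connect(SSLSocketFactory factory, String host, int port) throws IOException {
        // createSocket(String, int) gives the TLS layer the name the caller asked for,
        // so the socket is not created "without an explicit hostname".
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            // Endpoint identification: match the certificate against the peer host (HTTPS rules).
            params.setEndpointIdentificationAlgorithm("HTTPS");
            // Send the same name in SNI so the server selects the matching certificate.
            params.setServerNames(Collections.singletonList(new SNIHostName(host)));
            socket.setSSLParameters(params);
            // Fails with an SSLHandshakeException if the certificate does not cover the host.
            socket.startHandshake();
            return socket;
        } catch (IOException | RuntimeException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com";
        // JVM default context so the example runs without extra jars; an application on
        // BCJSSE would obtain its context with SSLContext.getInstance("TLS", "BCJSSE").
        SSLContext context = SSLContext.getDefault();
        try (SSLSocket socket = connect(context.getSocketFactory(), host, 443)) {
            System.out.println("Handshake OK: " + socket.getSession().getProtocol()
                    + " " + socket.getSession().getCipherSuite());
        }
    }
}
```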

Conclusion

The CVE-2024-34447 vulnerability in Bouncy Castle's Java Cryptography APIs before version 1.78 can expose applications to DNS poisoning and man-in-the-middle attacks. It is essential for developers using Bouncy Castle to be aware of this issue and update to the latest version to protect their applications from this risk.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34447
[2] https://vulners.com/securityvulns/SECURITYVULNS:DOC:35622
[3] https://www.bouncycastle.org/releasenotes.html

Timeline

Published on: 05/03/2024 16:15:11 UTC
Last modified on: 06/14/2024 13:15:51 UTC