Java Suffers from Crypto Bug That Could Allow Attackers to Bypass Digital Signatures, Oracle Releases Fix

Flaw in the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) in Java versions 15 and above poses a potential risk, as cybercriminals could exploit it to forge Secure Sockets Layer (SSL) certificates, signed JSON Web Tokens (JWTs), and two-factor authentication messages. Discovered last year by Neil Madden of security consultancy firm ForgeRock, the issue, tracked as CVE-2022-21449, was privately reported to Oracle in November. Although Oracle patched it recently, the time it takes for organizations to update their systems could leave devices vulnerable.

The security loophole, considered a significant blunder by the community, was part of more than 500 fixes implemented by Oracle. Despite Oracle’s severity rating of 7.5 out of 10, experts, including ForgeRock, argue for a severity rating of 10 due to the broad impact on various functionalities. Madden emphasizes that attackers, leveraging the flaw, could forge SSL certificates, signed JWTs, SAML assertions, OIDC id tokens, and WebAuthn authentication messages, essentially manipulating digital data as if it were a blank canvas.

The flaw originated during the rewrite of elliptic curve cryptography from native C++ to Java in the release of Java 15. Madden underscores that the bug allows attackers to use a blank signature, akin to a “psychic paper,” enabling them to gain unauthorized access to systems or networks. The flaw arises from Java’s ECDSA signature verification, which fails to check if the values R or S are zero, making it possible to produce a seemingly valid signature for any message and public key.

Security experts, including Thomas Ptacek, label this issue as the “crypto bug of the year,” highlighting its severity. Sophos points out that the impact extends beyond Java servers, affecting any device within a network consuming digitally-signed data. While the affected Java versions (Java 15 to 18) are not as widely used as previous releases, IT administrators and organizations are strongly advised to promptly update their Java versions to mitigate the risk of potential future attacks.