A serious design flaw in the SSL and TLS protocols has been kept secret since its discovery in August. Major technology companies have been privately informed and are working on patches under a non-disclosure agreement since the end of September.
The issue is caused by authentication gaps that get created during SSL and TLS session renegotiation and can be exploited in a man-in-the-middle (MitM) attack scenario. According to the researcher who discovered the bug, an attacker can potentially leverage it to inject arbitrary plain text into what should theoretically be a secure session.
The problem was identified by a software engineer and researcher named Marsh Ray, who works for PhoneFactor, a company that develops a tokenless two factor authentication system. The researcher notes on his blog that he began suspecting the existence of this type of bug in early August, while reviewing some third-party code. "Many late nights and weekends later, I had enough evidence to talk about, and at the beginning of September, I had a working exploit and demoed it to Steve Dispensa (PhoneFactor CTO)," he explains.
Understanding the seriousness of the discovery, the two professionals got in touch with several major vendors, including members of the Internet Engineering Task Force (IETF) and the Industry Consortium for Advancement of Security (ICASI), as well as the developers of various open-source implementations, such as OpenSSL. At a meeting held on 29 September at the headquarters of an unnamed company based in Mountain View, the affected parties agreed to sign a non-disclosure agreement and silently start working on patches.
The plan to keep this a secret due to the obvious security implications was involuntarily ruined by Martin Rex, a different security researcher who independently discovered the same issues and publicly disclosed them on an industry mailing list. "Martin’s early proposal may differ in a few details and lack the research time and working exploit that Steve and I had developed, but it clearly identifies the core problem and effectively represents public knowledge of the bug," says Marsh Ray in support of his decision to publish technical details.
Fortunately, early indications from the infosec community is that his bug cannot only be exploited to perform mass attacks and even then several other conditions must be met, such as combining it with other vulnerabilities in other software. However, Steve Dispensa told The Register that "There is consensus among the biggest vendors in the world that it's a big problem." Sure enough, their actions so far have suggested this.
Mr. Dispensa also reports that some vendors have already developed patches, which will soon be deployed, while others are still working on them. This process is expected to last until the end of the year.