How To Fix CVE-2022-21449- Psychic Signatures Vulnerability In Java

A Security researcher from ForgeRock, Neil Madden disclosed and reported a vulnerability in the Cryptographic function in Java. The vulnerability is assigned a CVE ID CVE-2022-21449 with a CVSS score of 7.5, which is High in severity and is a digital signature bypass vulnerability in Java. The flaw is dubbed Psychic Signatures vulnerability, which allows attackers to easily forge some types of SSL certificates and TLS handshakes in a secured communication. This enables attackers to bypass signed JWTs, SAML assertions or OIDC ID tokens, and even WebAuthn authentication messages and intercept or even tamper with the communication on a secured encrypted channel. So it is highly important to fix the Psychic Signatures Vulnerability in Java. We urge everybody to learn how to fix CVE-2022-21449, Psychic Signatures Vulnerability, in your Java application. And, don’t forget to contact all your third-party application Vendors to fix this issue.

Let’s Learn About ECDSA Signatures:

It is important to The Elliptic Curve Digital Signature Algorithm (ECDSA) is a digital signature algorithm used to sign electronic documents. It is based on the elliptic curve cryptography (ECC) algorithm, which is used to generate public and private keys. ECDSA signatures are considered more secure than traditional RSA signatures, and they are also shorter and faster to generate. This made ECDSA prevalent in a place where speed and size is a deciding factor. Today, ECDSA emerged as a global standard for a wide range of signature algorithms except for a few algorithms like Windows Hello, which uses the RSA algorithm for older TPM comparability issues.

To tell in simple words, the ECDSA signature is made up of two values called r and s. To verify an ECDSA signature, the verifier compares a formula with r, s, the signer’s public key, and the message’s hash. The signature is valid if both sides of the equation are equal, otherwise, it is considered invalid and will be rejected. So it is much important that both r and s shouldn’t be ‘0’ to validate the signature. It is the first check to verify the values of r and s. The ECDSA signature verification process should ensure that values of r and s are both >= 1.

How Does Psychic Signatures Vulnerability Work In Java?

Java’s implementation of the ECDSA signature verification process is unable to verify if r or s is ‘0’. Due to this verification failure, Java will accept the signature as a valid signature even if r and s are ‘0’. This allows anybody to produce a signature with r and s ‘0’. Java will consider it as a valid signature for any message and for any public key. This means a blank ID card will be accepted as a valid ID card.

Here is the vulnerable implementation code of the interactive jshell session accepting a blank signature as a valid signature for an arbitrary message and public key:

|  Welcome to JShell -- Version 17.0.1 
|  For an introduction type: /help intro 
jshell> import java.security.* 
jshell> var keys = KeyPairGenerator.getInstance("EC").generateKeyPair() 
keys ==> java.security.KeyPair@626b2d4a 
jshell> var blankSignature = new byte[64] 
blankSignature ==> byte[64] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ... , 0, 0, 0, 0, 0, 0, 0, 0 } 
jshell> var sig = Signature.getInstance("SHA256WithECDSAInP1363Format") 
sig ==> Signature object: SHA256WithECDSAInP1363Format<not initialized> 
jshell> sig.initVerify(keys.getPublic()) 
jshell> sig.update("Hello, World".getBytes()) 
jshell> sig.verify(blankSignature) 
$8 ==> true 
// Oops, that shouldn't have verified...

Summary of CVE-2022-21449

Psychic Signatures Vulnerability is a digital signature bypass vulnerability in Java that is due to poor implementation of the Elliptic Curve Digital Signature Algorithm in Java. This signature bypass vulnerability makes Java accept a blank signature as a valid signature. Attackers could abuse this Psychic Signature vulnerability to bypass signed JWTs, SAML assertions or OIDC id tokens, and even WebAuthn authentication messages and intercept or even tamper with the communication on a secured encrypted channel.

The flaw is rated High in severity with a CVSS score of 7.5, considering no impact on Confidentiality or Availability. However, Neil Madden, a security researcher from ForgeRock, says that “It’s hard to overstate the severity of this bug” due to the wide range of impacts on different functionality in an Identity and Access Management (IAM) context and assigned a CVSS score of 10.0.

Java Versions Affected by Psychic Signatures Vulnerability

As per the OpenJDK advisory, the flaw CVE-2022-21449 impacts OpenJDK versions 15, 17, and 18. However, Oracle says that this flaw affects these versions of Oracle Java SE and Oracle GraalVM Enterprise Edition:

To your note, This vulnerability also affects Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code and rely on the Java sandbox for security. This flaw can be exploited by any application or service that is running Java 15, 16, 17, or 18. This would cover almost all WebAuthn/FIDO servers in the real world that use ECDSA signatures.

Psychic Signatures Vulnerability PoC

Khaled Nassar, a security researcher, has published a Proof-of-Concept to demonstrate Psychic Signatures Vulnerability in Java. In this PoC, the researcher used a vulnerable client and a malicious TLS server.

In this demonstration, the researcher installed a valid SSL certificate chain for www.google.com with an ECDSA pub key on the malicious server. On the other hand, he modified the crypto/ecdsa package to provide an improper signature with r = s = 0. Then the researcher showed how the vulnerable client validates this invalid signature allowing the rest of the TLS negotiation to progress.

Published by Khaled Nassar

How to Verify Your Java is Vulnerable to Psychic Signatures Vulnerability?

If you want to test ECDSA implementation on your Java application, there is an excellent project Project Wycheproof, a project developed and maintained by members of the Google Security Team.

Project Wycheproof is an open-source project that tests crypto libraries against known attacks. It contains a suite of tests for various cryptographic algorithms and implementations. Project Wycheproof helps library authors to ensure that their code is secure and helps users to check whether their crypto libraries are vulnerable to common attacks.

The Project Wycheproof test suite is available on GitHub and contains a list of supported libraries and algorithms, as well as information on how to contribute test cases.

How to Fix CVE-2022-21449- Psychic Signatures Vulnerability in Java?

How to fix Psychic Signatures Vulnerability in Java?

In this tutorial, we are going to show you how to fix CVE-2022-21449 by upgrading Oracle Java v17.0.2 to v17.0.3 on Ubuntu platform.

Step 1. Check the Java version on your machine

Run this command to check the Java version:

$ java -version

Step 2. Download the Java v17.0.3 for your platform

Use the wget command to download java 17.0.3:

$ wget –no-check-certificate https://download.oracle.com/java/17/archive/jdk-17.0.3_linux-x64_bin.deb

You can download any version of Oracle Java for your operating system from here.

Step 3. Install the downloaded Java package

Please ensure you have execution permission to install the Java package. We prefer to set the execution permission before proceeding with installation. Use chmod command to set the execution permission:

$ sudo chmod +x jdk-17.0.3_linux-x64_bin.deb

You can install the downloaded deb package either using dpkg or apt. We use apt since it is more close to the universe.

$ sudo apt install /home/arunkl/jdk-17.0.3_linux-x64_bin.deb

Enter ‘y’ to continue the installation.

Step 4. Java upgraded to v17.0.3

Check the version again after the successful installation of Java.

$ java -version

That’s it. You have successfully patched the Psychic Signatures Vulnerability in Java.

How to migrate to a Different version of  Java or JDK?

In the previous section, we showed how to upgrade Java to the next version (from v17.0.2 to v17.0.3). However, in this section, we will show you how to migrate from Java v17.x to v18.x. This method is the universal method, you can apply this to migrate between Oracle Java to OpenJDK or visa-versa.

Step 1: Download the JDK 18.0.1 (Latest at the time of writing this post)
$ wget –no-check-certificate https://download.oracle.com/java/18/archive/jdk-18.0.1_linux-x64_bin.deb

Step 2: Set execution permission
$ chmod +x jdk-18.0.1_linux-x64_bin.deb

Step 3: Install the Java deb package
$ sudo apt install /home/arunkl/jdk-18.0.1_linux-x64_bin.deb

Step 4: Set the new Java path as a environment variable
$ sudo nano /etc/environmentPATH=”:/usr/lib/jvm/jdk-18/bin”JAVA_HOME=”/usr/lib/jvm/jdk-18″

Step 5: Reboot the machine to save the changes or use source command to save the changes temporary
$ source /etc/environment$ echo $JAVA_HOME

Step 6: Set the new Java and Java compiner path directives
$ sudo update-alternatives –install “/usr/bin/java” “java” “/usr/lib/jvm/jdk-18/bin/java” 0$ sudo update-alternatives –install “/usr/bin/javac” “javac” “/usr/lib/jvm/jdk-18/bin/javac” 0$ sudo update-alternatives –set java /usr/lib/jvm/jdk-18/bin/java$ sudo update-alternatives –set javac /usr/lib/jvm/jdk-18/bin/javac

Step 7: List the installed java and their paths
$ sudo update-alternatives –list java

Step 8: Change the default Java version
$ sudo update-alternatives –config java

That’s it. This is how you can migrate between different versions of Java.

We hope this post helps you know How to Fix CVE-2022-21449- Psychic Signatures Vulnerability in Java. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.