1. Home
  2. CWE Database
  3. CWE-593
Variant · Low-Medium

CWE-593: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

The product modifies the SSL context after connection creation has begun.

CWE-593 · Variant Level ·3 Mitigations

Description

The product modifies the SSL context after connection creation has begun.

If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.

Potential Impact

Access Control

Bypass Protection Mechanism

Confidentiality

Read Application Data

Demonstrative Examples

The following example demonstrates the weakness.
Bad
#define CERT "secret.pem"#define CERT2 "secret2.pem"
                     int main(){
                        SSL_CTX *ctx;SSL *ssl;init_OpenSSL();seed_prng();
                           ctx = SSL_CTX_new(SSLv23_method());
                           if (SSL_CTX_use_certificate_chain_file(ctx, CERT) != 1)int_error("Error loading certificate from file");
                           
                           if (SSL_CTX_use_PrivateKey_file(ctx, CERT, SSL_FILETYPE_PEM) != 1)int_error("Error loading private key from file");
                           
                           if (!(ssl = SSL_new(ctx)))int_error("Error creating an SSL context");
                           
                           if ( SSL_CTX_set_default_passwd_cb(ctx, "new default password" != 1))int_error("Doing something which is dangerous to do anyways");
                           
                           if (!(ssl2 = SSL_new(ctx)))int_error("Error creating an SSL context");
                        
                     }

Mitigations & Prevention

Architecture and Design

Use a language or a library that provides a cryptography framework at a higher level of abstraction.

Implementation

Most SSL_CTX functions have SSL counterparts that act on SSL-type objects.

Implementation

Applications should set up an SSL_CTX completely, before creating SSL objects from it.

CWE-666: Operation on Resource in Wrong Phase of Lifetime

The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpe...

CWE-1390: Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does ...

Frequently Asked Questions

What is CWE-593?

CWE-593 (Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product modifies the SSL context after connection creation has begun.

How can CWE-593 be exploited?

Attackers can exploit CWE-593 (Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created) to bypass protection mechanism. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-593?

Key mitigations include: Use a language or a library that provides a cryptography framework at a higher level of abstraction.

What is the severity of CWE-593?

CWE-593 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.