Mozilla Foundation Security Advisory 2014-80

Key pinning bypasses

Announced
October 14, 2014
Reporter
Patrick McManus, David Keeler
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 33
  • SeaMonkey 2.30

Description

Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connection. This leads to possible man-in-the-middle attacks if an attacker has control of the DNS connection and the ability to obtain a fraudulent certificate that browsers would accept in the absence of the pin.

Mozilla security engineer David Keeler discovered that when there are specific problems verifying the issuer of an SSL certificate, the checks necessary for key pinning would not be run. As a result, the user is then presented with the "Untrusted Connection" error page, which they can use to bypass the key pinning process on a site that should be pinned. This error message is always shown to the user and cannot be used to silently bypass key pinning on affected sites.

Key pinning was first introduced in Firefox 32 and currently only covers a small number of built-in sites.

References