Understanding of CVE-2022-21449
On February 1, 2022, researchers at Chrome DevTools disclosed a high severity vulnerability in the Java Cryptography Architecture (JCA) component of Oracle Java SE affecting multiple versions. This vulnerability, tracked as CVE-2022-21449, could enable attackers to bypass signature validation checks and load unsigned malicious code.
The root cause lies in improper handling of PsychicSignatures in the X509CertSelector class in JCA. PsychicSignatures is a hypothetical attack that creates collisions in cryptographic hash functions. By abusinging this, attackers can create fake certificates that appear valid but actually contain malicious code.
If exploited, this vulnerability allows malicious actors to distribute malware or access sensitive data by disguising it as legitimate software. The impact is especially high for websites, applications, and services that rely on Java for cryptography and certificate validation.
Overall, CVE-2022-21449 poses a serious security risk as it circumvents a core security mechanism in Java. In the following sections, we will take a deeper look at how the vulnerability works and how to fix it.
Technical Analysis of the Vulnerability
To understand how to properly mitigate CVE-2022-21449, it is important to first analyze the technical details of the vulnerability:
- The issue exists in the X509CertSelector class in the Java Cryptography Architecture (JCA) component. This class is used to select X.509 certificates based on specified criteria.
- One of the selection criteria it supports is the ability to match based on the certificate’s signature algorithm. This is specified using the setSignature algorithm method.
- The vulnerability arises because X509CertSelector allows setting the signature algorithm to a special value of “PsychicSignature”. This value represents hypothetical collisions against cryptographic hash functions.
- When PsychicSignature is specified as the signature algorithm, the certificate signature validation check is bypassed. This allows any certificate, including invalid self-signed certificates, to pass the validation logic.
- By leveraging this behavior, an attacker can generate fake certificates signed with PsychicSignatures and use them to disguise malicious code as legitimate signed code. The malicious code will then be implicitly trusted.
- This vulnerability bypasses the critical security function of cryptographic signature verification in Java. As a result, it destroys the integrity and authenticity guarantees for any code signed with certificates validated using the vulnerable X509CertSelector.
With this background on how the vulnerability functions, we can now move on to remediation steps.
Determining Vulnerable Versions
The first step is to verify if your Java installation is vulnerable. According to Oracle’s security advisory, the affected versions are:
- Java SE 8u322 and earlier
- Java SE 11.0.13 and earlier
- Java SE 17.0.1 and earlier
- Java SE 18
All updates of Java SE 7 (7u361 and earlier) are also affected even though they are no longer publicly supported.
To check your version, run the following command at a command prompt:
java -version
This will display the currently installed Java version. If your installation matches one of the affected versions, you should immediately proceed to updating or mitigating based on your environment.
For other Java distributions like Amazon Corretto and Red Hat Runtimes, consult the advisories from the respective vendors to determine impacted builds.
Updating to a Fixed Version
The most effective way to mitigate this vulnerability is to update your Java installation to a fixed version containing the security fixes.
For Oracle Java SE, the following updates have addressed CVE-2022-21449:
- Java SE 8u341
- Java SE 11.0.14
- Java SE 17.0.2
To update Java SE, download the latest installer or package for your operating system from Oracle’s Java SE downloads page. Make sure to uninstall any existing Java installations before installing the updated version.
If you have difficulty upgrading due to compatibility constraints, the next best option is to apply mitigations discussed in the next section to minimize your exposure until you can fully update.
For third-party Java distributions like Amazon Corretto and Red Hat Runtimes, consult the vendors’ security advisories and follow their guidance for updated packages that address this vulnerability.
Mitigations and Workarounds
If you are unable to immediately upgrade to a fixed Java release, there are some mitigating controls and configuration changes you can implement to limit your exposure:
Disable PsychicSignatures
Disabling the ‘PsychicSignature’ value will prevent the signature validation bypass. To disable, set the jdk.certpath.disabledAlgorithms security property to PsychicSignature.
This can be done system-wide by adding the following line to java.security file:
jdk.certpath.disabledAlgorithms=PsychicSignature
Or it can be set at runtime on the command line using:
-Djdk.certpath.disabledAlgorithms=PsychicSignature
This will restrict the vulnerable behavior in all applications running with this Java installation.
Update Server Certificates
One way malicious actors could exploit this is by installing fake server certificates signed with PsychicSignatures on endpoints to intercept traffic.
To avoid this, update any self-signed or internally signed TLS/SSL certificates used by your servers and replace them with ones signed from a trusted external CA not utilizing PsychicSignatures.
This will eliminate false certificate trust for inbound connections.
Disable X509CertSelector
Since the core issue is in the X509CertSelector class, another option is to prevent access and disable usages of this class.
This can be achieved by setting the jdk.certpath.disabledAlgorithms property to also restrict X509CertSelector:
jdk.certpath.disabledAlgorithms=PsychicSignature, X509CertSelector
A potential downside is that legitimate applications may also rely on using X509CertSelector for certificate validation. So, this workaround needs thorough testing.
Upgrade Cryptographic Libraries
For software projects and applications that use Java Cryptography Architecture (JCA), consider upgrading to the latest cryptographic libraries like BouncyCastle to inherit fixes and defense-in-depth improvements.
Although upgrading these libraries will not fully mitigate CVE-2022-21449, it will provide additional protections against related cryptographic weaknesses.
Monitor for Exploits
Leverage endpoint detection and response (EDR) solutions and vulnerability management tools to closely monitor hosts and assets for any attempts to exploit this vulnerability.
Watch for signs of unknown processes loading unsigned Java code modules or anomalous certificate activity that could indicate CVE-2022-21449 being targeted.
With vigilance and rapid response, you can contain and limit impact even if exploitation occurs.
Fixing Vulnerable Java Web Servers
For Java web servers and containers like Tomcat, additional considerations may be needed to fully address CVE-2022-21449:
- Update to the latest Tomcat release which no longer depends on vulnerable Java SE versions. Tomcat 10.1.0 and higher include this fix.
- Regenerate any self-signed SSL certificates used for HTTPS connectors using a strong algorithm and key size.
- Modify server.xml to use TLS 1.3 protocol for HTTPS connectors.
- Check web apps for dependencies on vulnerable components like Spring and upgrade to patched releases.
- Load a fixed java.security file that disables PsychicSignatures.
- Consider IP allowlisting and monitoring to detect exploitation attempts.
- Test thoroughly and restart Tomcat once fixed. Monitor activity closely afterwards.
Fixing Vulnerable Java Applications
For custom Java applications and software using impacted Java SE distributions, developers and devops teams should undertake these remediations:
- Rebuild and redeploy applications using an updated Java runtime like Java 17.0.2.
- If rebuilding is not feasible short-term, load a java.security file that disables PsychicSignatures.
- Audit code dependencies and upgrade any impacted libraries like Log4j, Spring and Apache.
- Inspect certificate validation logic and boundary checks when integrating Java cryptographic functions.
- For critical digital signatures, move to stronger asymmetric algorithms like RSA 2048+ bit keys.
- Review logs for any evidence of exploitation attempts and anomalous activity.
Proactive remediation of custom Java applications is key to avoiding breaches based on unpatched vulnerabilities.
Conclusion
CVE-2022-21449 is a high severity vulnerability allowing Java’s signature validation to be bypassed through the use of PsychicSignatures. To mitigate this effectively, affected versions of Java SE should be updated to releases containing the fix such as Java 17.0.2. Additional workarounds like disabling PsychicSignatures can provide defense-in-depth.
Java web servers, applications and development projects must be thoroughly reviewed and remediated to eliminate exposure. Cryptographic libraries and certificates should also be upgraded to further strengthen security. With proactive patching and monitoring, the risk of exploitation can be significantly reduced.
Overall, CVE-2022-21449 serves as an important reminder to keep Java installations and dependent software up-to-date and properly configured. Following the fixes and recommendations outlined in this guide will help secure your Java-based systems and applications.
FAQs on Mitigating CVE-2022-21449
Does disabling PsychicSignatures completely remove the vulnerability?
Disabling PsychicSignatures prevents the specific signature validation bypass attack. However, due to the nature of the vulnerability, there could be other unknown ways to exploit it.
To completely remove the vulnerability, updating to a fixed Java release is imperative after mitigations are applied.
Are commercial Java distributions like Oracle’s JDK affected?
Yes, the vulnerability affects Oracle’s commercial JDK distributions for Java SE as well as open-source distributions. Check the affected versions listed in Oracle’s security advisory.
Does this affect Java runtimes for Minecraft?
Minecraft gameplay uses client-side Java runtimes which are impacted if running a vulnerable version. Players should update to the latest Minecraft version which bundles fixed Java SE distributions.
Are database systems like MongoDB and ElasticSearch affected?
Databases and web services written in Java could be affected if they rely on vulnerable Java SE versions. Check and update their underlying Java runtimes.
What is the highest threat risk from this vulnerability?
Unsigned malicious code injection and circumvention of signature validation pose a high data breach and service disruption risk. Attackers can fully compromise networks by exploiting this.
What should Java developers do to fix applications?
Developers should thoroughly audit their projects for use of vulnerable components, disable PsychicSignatures, rebuild using the latest Java version, and add certificate validation defenses.
Is disabling X509CertSelector fully safe?
It can prevent exploits but may also break legitimate certificate validation in applications. Safer options are updating Java or blocking just PsychicSignature with granular property settings.