Issue #21879 has been updated by rhenium (Kazuki Yamaguchi). Subject changed from SSLBypass to OpenSSL::SSL::SSLContext does not perform peer verification by default Description updated Status changed from Open to Rejected Please include the description in the description field rather than as a PDF attachment. `OpenSSL::SSL::SSLContext.new` uses the OpenSSL defaults, which don't enable peer verification. TLS is more than just HTTPS and there is no single common set of secure defaults that would be appropriate for all use cases. `OpenSSL::SSL::SSLContext#set_params` (which I must admit is pretty confusingly named) provides a minimal configuration for typical HTTPS clients connecting to public hosts. As pointed out by @ahorek, the example code in `ScriptsPOC.pdf` explicitly disables certificate verification, so the observed behavior is expected regardless of what defaults `OpenSSL::SSL::SSLContext.new` might have. ---------------------------------------- Bug #21879: OpenSSL::SSL::SSLContext does not perform peer verification by default https://bugs.ruby-lang.org/issues/21879#change-116454 * Author: sh2ll (Chmouel Taieb) * Status: Rejected * Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN, 4.0: UNKNOWN ---------------------------------------- There is not enough space for photos upload --- [CRITICAL] SSL/TLS Certificate Verification Bypass via Insecure Defaults Summary The implementation of the OpenSSL::SSL::SSLContext class contains a critical security flaw where the constructor (initialize) explicitly disables all forms of certificate and hostname verification. This overrides secure DEFAULT_PARAMS and forces the application to trust any certificate presented during a TLS handshake, including self-signed or malicious certificates. Technical Details …\openssl\lib\openssl\ssl.rb ``` def initialize(version = nil) self.ssl_version = version if version self.verify_mode = OpenSSL::SSL::VERIFY_NONE # Vulnerability: Disables peer verification self.verify_hostname = false # Vulnerability: Disables hostname matching end ``` By setting VERIFY_NONE, the application skips the validation of the certificate chain. By setting verify_hostname to false, it fails to ensure that the certificate belongs to the server it is connecting to. Impact This vulnerability facilitates a Man-in-the-Middle (MitM) attack. An attacker positioned on the same network or with control over DNS can: 1. Interception: Decrypt and read sensitive traffic (API keys, credentials, PII) in plaintext. 2. Manipulation: Modify requests or server responses without the application's knowledge. 3. Data Theft: Fully compromise account sessions and backend integrations. Proof of Concept (PoC) 1. Attacker Setup (Listener) A malicious server was created using a self-signed certificate to mimic api.secure-bank.com. ``` # Attacker.rb snippet ssl_context.cert = self_signed_cert ssl_context.key = private_key ssl_server = OpenSSL::SSL::SSLServer.new(TCPServer.new(4444), ssl_context) ``` 2. Victim Execution The victim script, using the vulnerable SSLContext logic, connected to the attacker. ``` # Victim.rb snippet ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # Connection succeeds despite invalid certificate ``` 3. Result (Captured Data) The attacker successfully captured the following "encrypted" payload in plaintext: ``` Captured Header: POST /login HTTP/1.1 Captured JSON Body: {"user": "victim", "pass": "BountyHunter2026"} ``` ARP Spoofing exploit/DNS Spoofing exploit/The exploit relies on Layer 2 (Data Link) vulnerability to achieve a Layer 7 (Application) data breach. The application's job is to protect data even if the network is compromised. While modern network hardware can implement 'Dynamic ARP Inspection' (DAI) to prevent the redirection of traffic, the application's failure to verify SSL certificates ensures that even in 'secure' environments, a single compromised node or a malicious DNS entry can lead to total credential exposure. If the router itself is hacked, DAI won't help because the router is the one doing the redirecting.If a user is tricked into using a malicious proxy server (WPAD attack), the Ruby script will connect through it and bypass security.. Recommended Remediation ruby opensll library in current github repository. …\openssl\lib\openssl\ssl.rb ``` def initialize(version = nil) self.set_params(DEFAULT_PARAMS) # Use defined secure defaults self.verify_mode = OpenSSL::SSL::VERIFY_PEER self.verify_hostname = true self.cert_store = OpenSSL::X509::Store.new self.cert_store.set_default_paths self.ssl_version = version if version end ``` Severity ● Severity: Critical (8.1) ● CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H ---Files-------------------------------- Critical SSL Verification Bypass Report.pdf (87.4 KB) ScriptsPOC.pdf (49.5 KB) -- https://bugs.ruby-lang.org/