Deprecated SHA-1 certificates trip up SAP Ariba

SAP Ariba advised its customers to use unpatched browsers in order to avoid being blocked or triggering error messages related to the use of the deprecated SHA-1 certificates for its legacy portals -- despite the recent discovery of hash collision attacks against the algorithm.

Google announced its plans to stop trusting SHA-1 certificates in 2014, and starting early this year people using the latest version, 56, of the Chrome browser began being blocked when attempting to access websites using the certificates. Mozilla Firefox version 52 also blocks by default access to websites using the deprecated SHA-1 certificates, while Microsoft plans to block them in its Internet Explorer and Edge browsers.

Despite those SHA-1 deprecation efforts, as well as news last month that security researchers had officially broken the algorithm with a collision attack, SAP Ariba is sticking with SHA-1 to accommodate legacy users -- for now.

"Millions of companies around the world are connected to the Ariba network. And they are all at different stages in their journeys to adopt security upgrades. We recognize that we can't draw a line in the sand and force them to migrate before they are ready," Lakshmi Hanspal, chief security officer at SAP Ariba, told SearchSecurity. "Instead, we need to meet them where they are in their journey and bring them along with us."

Hanspal added that those customers not yet ready to migrate could continue to use SAP Ariba's "legacy front door, which will become SHA-2 compliant on March 16." Ariba, a cloud-based sourcing and procurement vendor, was purchased by SAP in 2012 for $4.3 billion.

In a webpage titled, "Browser Privacy and Security Warnings," SAP Ariba told users: "In order to continue accessing all features within the SAP Ariba solution suite until the web server certificates are updated, please use the below recommended certified browsers," followed by a list of recommended browsers including Google Chrome versions 53-55, Internet Explorer version 11, 32-bit (without security update of Feb 14, 2017) and Safari 10, 64-bit (without security update pending release Spring 2017).

According to Hanspal, even though SAP Ariba posted SHA-2 certificates in late February and early March for its legacy front door sites, SAP Ariba's "migration to SHA-256 was completed in December 2016," and for non-legacy users the websites were already "highly compatible with TLS 1.2 and SHA-2."

"We are aware that browsers are working toward blocking access to SHA-1 websites," Karen Master, vice president of communications at SAP Ariba, explained. "After careful consideration, we believe a March update is in the best interest of our customers and will best meet their needs based on where they are in their journeys."

Not everyone agreed with that assessment.

"This sort of behavior on the part of a major enterprise vendor is inexplicable," said Kenneth White, a security architect and director of the Open Crypto Audit Project. "The CA/Browser Forum has been warning product teams for well over two years of the coming changes to increase the minimum baseline standard for SHA-1 certificate signatures. There is no good reason for companies to have to scramble because of SAP [Ariba] dragging their feet on this update.

"And the mitigation advice is terrible -- they are literally encouraging business users to actively ignore security errors in the browser, in effect undermining the confidentiality and integrity of data flowing through their system. It's really mind-boggling."

In a product security bulletin about the deprecation of SHA-1 certificates in January, SAP Ariba stated: "While we consider this type of attack to be impractical for all but the most motivated attackers, we want our customers to trust our security. Furthermore, we do not want users to become accustomed to ignoring the warnings that their browsers alert them to. Therefore, we are addressing this issue using a concept that we call the 'Dual Front Door' concept, which is available in production as of December 14, 2016."

Experts have been calling to deprecate SHA-1 as far back as 2005 when cryptographer Bruce Schneier brought attention to problems with SHA-1 and MD5. The SHA-1 algorithm was deprecated in 2010 by NIST for protecting government data and in 2011 by the IETF for cryptographic use on the internet.

The SHA-1 deprecation campaign gained momentum in 2015 when researchers reported a successful brute force attack on SHA-1 was already within reach for an attacker with relatively little computing resources to create fake websites that appeared legitimate.

In December 2015, Google announced it was considering accelerating its SHA-1 deprecation timetable for the Chrome browser; version 56 of the browser currently flags SHA-1-signed websites as insecure. Mozilla announced last year that starting with Firefox version 51 Firefox would also flag websites signed with SHA-1certificates, and Microsoft has also deprecated support for SHA-1.