11.37.26 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) | |
| Dear List, I updated the whitepaper with a lot of new information, some leveraging the vulnerability in other ways that certainly increase the effectiveness and impact of this vulnerability. A brief warning to those that think they are safe because they don't accept client-side renegotiations (server + openssl). I came across major websites where the SSL loadbalancer in front of the HTTPS servers were vulnerable. Although the servers were patched it still was possible to perform the attacks (The loadbalancer merged both sessions and handed them as one to the webserver) Updates : -------- - Added a simple s_client testcase - Analysis of FTPS (vendors are encouraged to assess) - HTTPS : Injecting arbritary _responses_ into the stream - HTTPS : Downgrading HTTPS to HTTP and performing an active mitm (Discovered by Frank Heidt but details witheld, rediscovered by Thierry Zoller for this paper) With this new information G-SEC encourages Vendors and customers to reevaluate the impact of this vulnerability on their products. Brief explanations : ^^^^^^^^^^^^^^^^^^^^ HTTPS : Injecting arbritary _responses_ into the stream ------------------------------ The attacker injects a TRACE command, by doing so the attacker can indirectly control the content that is send from the server to the victim over HTTPS Downgrading HTTPS to HTTP and performing an active mitm ------------------------------ This attack leverages the known SSLStrip attack to also work on establised SSL connections. SSLstrip had the limitation that it required a user to access over HTTP in order to rewrite the html code to perform active mitm. This attack over the TLS renegotiation vulnerability now allows (if certain conditions are met) to downgrade EXISTING SSL connections to perform an SSLstrip attack. Proof of concept files ^^^^^^^^^^^^^^^^^^^^^^ G-SEC provides 2 proof of concept files : - ssl-trace.c : using TRACE to inject (partialy) arbritary content into the encrypted stream - ssl-302.c : Injecting a GET command to a 302 page redirecting the client to HTTP Whitepaper : http://blog.g-sec.lu/2009/11/ POC files : http://www.g-sec.lu/tls-ssl- ------- This paper explains the vulnerability for a broader audience and summarizes the information that is currently available. The document is prone to updates and is believed to be accurate by the time of writing. Post: http://blog.g-sec.lu/2009/11/ Direct Download http://clicky.me/tlsvuln Disclaimer Information is believed to be accurate by the time of writing. As this vulnerability has complex implications this document is prone to revisions in the future. Thierry ZOLLER - G-SEC http://www.g-sec.lu Principal Security Consultant | |
|
| |
| Total comments: 0 | |