Three days ago, on the 3rd of November, Marsh Ray and Steven Dispensa of PhoneFactor released a whitepaper that describes a man-in-the-middle attack against TLS and SSL v3 that uses the “renegotiation” feature of the protocol. Let there be no mistake: this is a limited, but still serious, attack.
This new attack adds to the issues published by Moxie Marlinspike, Dan Kaminsky and Mike Zusman that I blogged about earlier.
So what does this new attack do?
The attack described by Marsh Ray et al. exploits a feature of the TLS protocol called renegotiation. Renegotiation allows the TLS client or server to initiate a fresh negotiation of the connection's encryption in order to refresh keys, add authentication, increase the strength of the cipher suite, or for any other reason. Either the server or the client can start this renegotiation by sending a server or client hello message.
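As an added illustration (not code from the original post or from the whitepaper), the following Python shows how a defender can see a renegotiation on the wire without decrypting anything: in SSL 3.0 and TLS 1.0 to 1.2 the 5-byte record header stays in the clear, so a handshake record that appears once data is already flowing marks the start of a new hello exchange. The byte streams are constructed, not captured traffic.

```python
import struct
from typing import List, Tuple

# Record-layer content types; the 5-byte record header is never encrypted
# in SSL 3.0 / TLS 1.0-1.2, so these stay visible on the wire.
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

def parse_records(stream: bytes) -> List[Tuple[int, int, bytes]]:
    """Split one direction of a TLS byte stream into (type, version, body) records."""
    records, offset = [], 0
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[offset:offset + 5])
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            raise ValueError("truncated TLS record at offset %d" % offset)
        records.append((ctype, version, body))
        offset += 5 + length
    return records

def count_renegotiations(stream: bytes) -> int:
    """Count renegotiations started by one peer, using only record types.

    The handshake record right after ChangeCipherSpec is that peer's Finished
    message; any further handshake record once data is flowing can only be a
    new ClientHello/ServerHello, i.e. a renegotiation."""
    state, count = "handshake", 0
    for ctype, _version, _body in parse_records(stream):
        if state == "handshake" and ctype == CHANGE_CIPHER_SPEC:
            state = "await_finished"
        elif state == "await_finished" and ctype == HANDSHAKE:
            state = "established"
        elif state == "established" and ctype == HANDSHAKE:
            count += 1
            state = "handshake"  # a new hello exchange has started
    return count

def record(ctype: int, body: bytes, version: int = 0x0301) -> bytes:
    """Build a TLS 1.0 record (constructed test data, not captured traffic)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed client-side streams: a plain session, and one that renegotiates.
_initial = (record(HANDSHAKE, b"\x01" + b"\x00" * 40)      # ClientHello
            + record(HANDSHAKE, b"\x10" + b"\x00" * 32)    # ClientKeyExchange
            + record(CHANGE_CIPHER_SPEC, b"\x01")
            + record(HANDSHAKE, b"\xaa" * 48))             # encrypted Finished
NORMAL_STREAM = _initial + record(APPLICATION_DATA, b"\xbb" * 64)
RENEG_STREAM = NORMAL_STREAM + _initial + record(APPLICATION_DATA, b"\xcc" * 64)
```

Running `count_renegotiations` over a captured stream gives a per-connection count that can be alerted on; a server that has renegotiation disabled should never produce a value above zero.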
Read more…
The background: in the past, basic constraints were not properly checked, so any client certificate could be used to create another client certificate that would actually validate.
Moxie wrote the tool SSLSNIFF, which is able to perform a man-in-the-middle attack on an SSL connection based on this vulnerability, to prove to Microsoft that it could be exploited, contrary to what Microsoft said.
Even though Microsoft and others fixed the vulnerability, the tool is still useful, mainly because people don’t pay attention to certificate warnings. The people who created the fake CA certificate by means of the MD5 collision also used SSLSNIFF to actually exploit it.
But there are more ways to attack SSL than doing a man-in-the-middle attack: SSL stripping.
Read more…