Language Selection

English French German Italian Portuguese Spanish

Another Protocol Bites The Dust

Filed under
Security

For the last 6 weeks or so, a bunch of us have been working on a really serious issue in SSL. In short, a man-in-the-middle can use SSL renegotiation to inject an arbitrary prefix into any SSL session, undetected by either end.

To make matters even worse, through a piece of (in retrospect) incredibly bad design, HTTP servers will, under some circumstances, replay that arbitrary prefix in a new authentication context. For example, this is what happens if you configure Apache to require client certificates for one directory but not another. Once it emerges that your request is for a protected directory, a renegotiation will occur to obtain the appropriate client certificate, and then the original request (i.e. the stuff from the bad guy) gets replayed as if it had been authenticated by the client certificate. But it hasn’t.

Not that the picture is all rosy even when client certificates are not involved.




Vulnerability in SSL/TLS protocol

h-online.com: According to reports, vulnerabilities in the SSL/TLS protocol can be exploited by attackers to insert content into secure connections. If this is correct, it would affect HTTPS and all other protocols which use TLS for security, including IMAP. The precise effects of the problem are not discussed in the reports. It would, however, appear to be possible to manipulate HTML content from websites during data transfer and, for example, inject malicious code.

The crux of the problem is, rather than a flawed implementation, a design flaw in the TLS protocol when renegotiating parameters for an existing TLS connection. This occurs when, for example, a client wants to access a secure area on a web server which requires the requesting client certificates. When the server establishes that is the case, it begins a renegotiation to obtain the appropriate client certificate. The original request gets replayed during this renegotiation as if it had been authenticated by the client certificate, but it has not. The discoverer of the problem describes this as an "authentication gap".

Rest Here

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Native Netflix, Ts'o on Systemd, and Fedora 21 Alpha a Go

In today's Linux news OMG!Ubuntu! is reporting that Netflix is coming to Linux, this time natively. Jack Germain reviews Opera 12.16. Steven J. Vaughan-Nichols talks to Theodore Ts'o about systemd. A preview of new Kmail show radical redesign. And finally today, Fedora 21 Alpha was approved for release! Read more

Ubuntu gets closer to debut in Meizu MX4 phone

The Ubuntu project announced a stable build for Ubuntu Touch phones, a week after Meizu tipped an Ubuntu version of the Meizu MX4 phone due in December. The Ubuntu for Phones team at the Canonical’s Ubuntu Project announced the arrival of the first image from the Ubuntu-rtm (release to manufacturing) distribution for phones. The announcement followed last week’s tease from Meizu, saying a version of the Android-based Meizu MX4 was on schedule for shipping with Ubuntu in December. Read more

Android L Will Keep Your Secrets Safer

Hard on the heels of increased security measures in Apple's newly released iOS 8, Google this week confirmed that encryption will be turned on by default in the next release of Android. Android has offered encryption for more than three years, and keys are not stored off the device, so they can't be shared with law enforcement, Google said. In the next Android release, encryption will be enabled by default. Read more

WHAT THE GNOME RELEASE TEAM IS DOING

At the release team BoF at this years Guadec, I said I would write a blog post about the whats and hows and ifs of release team work. I’m a little late with this, but here it is: a glimpse into the life of a GNOME release team member. We are in the end phase of the development cycle, when the release team work is really kicking into high gear. Read more