mitm « iniqua

6Nov/09Off

TLS Renegotiation Indication Extension

Marsh Ray y Steve Dispensa han hecho pública la versión 1.1 del documento donde presentan un ataque MiTM basado en la renegociación TLS. En el comienzo del documento podemos leer:

There are three general attacks against HTTPS discussed here, each with slightly
different characteristics, all of which yield the same result: the attacker is able to
execute an HTTP transaction of his choice, authenticated by a legitimate user (the
victim of the MITM attack)

Esta versión del documento se ha traducido en un borrador de IETF:

Internet draft "Transport Layer Security (TLS) Renegotiation Indication Extension"

TLS [RFC5246] allows either the client or the server to initiate
   renegotiation--a new handshake which establishes new cryptographic
   parameters.  Unfortunately, although the new handshake is carried out
   over the protected channel established by the original handshake,
   there is no cryptographic connection between the two.  This creates
   the opportunity for an attack in which the attacker who can intercept
   a client's transport layer connection can inject traffic of his own
   as a prefix to the client's interaction with the server.
[...]
This attack can be prevented by cryptographically binding
   renegotiation handshakes to the enclosing TLS channel, thus allowing
   the server to differentiate renegotiation from initial negotiation,
   as well as preventing renegotiations from being spliced in between
   connections.  An attempt by an attacker to inject himself as
   described above will result in a mismatch of the extension and can

UPDATE:

Actualización para OpenSSL
Nov 5 17:20:01 2009 openssl-0.9.8l.tar.gz (MD5) (SHA1) (PGP sign) [LATEST]

OpenSSL CHANGES
_______________

Changes between 0.9.8k and 0.9.8l [5 Nov 2009]

*) Disable renegotiation completely - this fixes a severe security
     problem (CVE-2009-3555) at the cost of breaking all
     renegotiation. Renegotiation can be re-enabled by setting
     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
     run-time. This is really not recommended unless you know what
     you're doing.
     [Ben Laurie]

Más información en los siguientes enlaces

http://extendedsubset.com/?p=8
http://www.links.org/?p=780
http://sunbeltblog.blogspot.com/2009/11/man-in-middle-attack-uses-ssl.html
http://www.hispasec.com/unaaldia/4030
http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=renegotiating+tls
Prueba de concepto del ataque: http://packetstormsecurity.org/0911-exploits/ssl-mitm.c

Tagged as: mitm, tls Comments Off

Language

Síguenos en twitter

New post:: [Tool] XML-RPC Packet Generator http://www.iniqua.com/2010/09/01/tool-xml-rpc-packet-generator/ 2010/09/02
[tool] OpenDLP: massively distributable data loss prevention tool released under the GPL. - http://code.google.com/p/opendlp/ tw@OpenDLP 2010/08/29
[IPv6] Informe sobre las implantaciones de seguridad en la impantación de IPv6 - http://tinyurl.com/39ro9eg 2010/08/22
[news] "El ordenador de Spanair que anotaba los fallos en los aviones tenía virus" - El Pais. http://tiny.cc/uvpzo 2010/08/20
link: www.pythonsecurity.org - "home of the largest collection of information about security in the Python programming language" 2010/08/18

the cloud

backtrack crack cuda DoS exploit firefox firewall google hacking HTTP Internet Libre linux Low Cost MAC Malware mobile news nvidia owasp panda pcapr penetration perl phishing plugin proxy python scapy search Seguridad Software spotify Sun testing tool Tools trojan Tweets Twitter watchbot web win7 wordpress xss

iniqua

TLS Renegotiation Indication Extension

Language

Síguenos en twitter

the cloud

Categories

link's

Recent Posts