TLS renegotiation authentication GAP. Yes, it is really a serious vulnerability

Similar documents
Security Protocols/Standards

TLS / SSLv3 renegotiation vulnerability explained

TLS/SSL in distributed systems. Eugen Babinciuc

Implementation Vulnerabilities in SSL/TLS

SSL and Browsers: The Pillars of Broken Security

Snow Agent System Pilot Deployment version

Public Key Infrastructure (PKI)

Is Your SSL Website and Mobile App Really Secure?

Instructions on TLS/SSL Certificates on Yealink Phones

Secure Frequently Asked Questions

Pen Testing Methodology Gueststealer TomCat Zero Day Directory Traversal VASTO

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

Using etoken for Securing s Using Outlook and Outlook Express

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL.

Secure HTTP

ERserver. iseries. Secure Sockets Layer (SSL)

Internet Banking System Web Application Penetration Test Report

Application Design and Development

Where every interaction matters.

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Criteria for web application security check. Version

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Hack Proof Your Webapps

The Top Web Application Attacks: Are you vulnerable?

Passing PCI Compliance How to Address the Application Security Mandates

Attack and Penetration Testing 101

Enabling Security Features in Firmware DGW v2.0 June 22, 2011

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

SSL implementieren aber sicher!

ERserver. iseries. Securing applications with SSL

Savitribai Phule Pune University

Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day. SSL Certificate - Subject Common Name Does Not Match Server FQDN

A Study of What Really Breaks SSL HITB Amsterdam 2011

E Mail Encryption End User Guide

Security vulnerabilities in new web applications. Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

HTTPS is Fast and Hassle-free with CloudFlare

History of the TLS Authentication Gap Bug. Marsh Ray Steve Dispensa PhoneFactor

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

Security aspects of e-tailing. Chapter 7

SSL BEST PRACTICES OVERVIEW

Network Security - ISA 656 Review

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Securing Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly

Our Key Security Features Are:

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

Sichere Software- Entwicklung für Java Entwickler

SSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Securing PostgreSQL From External Attack

CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE

Topics in Network Security

Specific recommendations

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

DEF CON 19: Getting SSLizzard. Nicholas J. Percoco Trustwave SpiderLabs Paul Kehrer Trustwave SSL

Lecture 10: Communications Security

ISY994 Series Network Security Configuration Guide Requires firmware version Requires Java 1.7+

Michael Coates michael-coates.blogspot.com

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Reading an sent with Voltage Secur . Using the Voltage Secur Zero Download Messenger (ZDM)

Thick Client Application Security

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Breaking the Security Myths of Extended Validation SSL Certificates

Linux Deployment Guide. How to deploy Network Shutdown Module for Linux

Understanding Digital Certificates and Secure Sockets Layer (SSL)

How to scan/exploit a ssl based webserver. by xxradar. mailto:xxradar@radarhack.com. Version 1.

CS558. Network Security. Boston University, Computer Science. Midterm Spring 2014.

Security First Umbrella

Contents Security Centre

Clearswift Information Governance

Web Application Report

Ciphermail Gateway Separate Front-end and Back-end Configuration Guide

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

New Systems and Services Security Guidance

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

CERTIFICATES AND CRYPTOGRAPHY

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on. User Information

The Beautiful Features of SSL And Why You Want to Use Them?

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services

PowerChute TM Network Shutdown Security Features & Deployment

Transport Layer Security (TLS) About TLS

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Objectives. Security. Fixing Our JSTL Problem. Web Application Architecture. Web Security. A few lines of code can wreak more havoc than a bomb.

How To Understand And Understand The Security Of A Key Infrastructure

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

P309 - Proofpoint Encryption - Decrypting Secure Messages Business systems

Common Security Vulnerabilities in Online Payment Systems

How to complete the Secure Internet Site Declaration (SISD) form

TELNET CLIENT 5.0 SSL/TLS SUPPORT

Transcription:

TLS renegotiation authentication GAP Yes, it is really a serious vulnerability

Agenda» Why do we use TLS/SSL? A typical SSL session» What is renegotiation? An SSL renegotiated session» The attack» The consequences Ordering pizza Stealing twitter passwords» The (lack of) patches

Why do we use TLS/SSL?» TLS is intended to provide: Confidentiality Integrity Non repudiation» Intended to secure communication over an non-trusted channel» Certificates prove identity of Server (and client) and should make MitM attacks impossible

A typical SSL Session

What is renegotiation? Client and server are allowed to initiate renegotiation of the session encryption in order to:» Refresh keys» Increase authentication» Increase cipher strength» Any other reason they see fit Renegotiation happens if client or server sends a hello message E.g. a webserver has some directories that require certificate authentication and some that don t

A typical renegotiated SSL session

A typical renegotiated SSL session

The attack No cipher context MitM cipher context

The attack No cipher context MitM cipher context Client cipher context

The consequences Integrity of the original request» Attacker can insert data (text) in front of anydata sent by client Integrity of reply» Attacker cannot modify reply, but can prevent that reply reaches client Confidentiality» Attacker cannot decrypt request or reply Non repudiation» It can not longer be guaranteed that therequest is the request intended by client, even when client certificates are used

The consequences - Ordering pizza Normal pizza ordering query: GET /pizza?toppings=ansjovis;address=andrzejs%20place\n Cookie: andrzejwillpayyourpizza\n \n Attacker sends: GET /pizza?toppings=pepperoni;address=franks%20place\n X-ignore-next: Query becomes: GET /pizza?toppings=pepperoni;address=franks%20place\n X-ignore-next: GET /pizza?toppings=ansjovis;address=andrzejs%20place\n Cookie: andrzejwillpayyourpizza\n \n

The consequences - Stealing twitter passwords Confidentiality wasn t broken, but still passwords where stolen. Here s how I think they did it Victim message: POST /statusses/update.xml\n Authorisation: Basic <victims base 64 creds>\n User-agent: <some user agent> Status=Victims status\n Etc.. Injected message: POST /statusses/update.xml\n Authentication-basic: <attacker creds>\n Status=

Consequences - Stealing twitter passwords Becomes: POST /statusses/update.xml\n Authentication-basic: <attacker creds>\n Status=POST /statusses/update.xml\n Authorisation: Basic <victims base 64 creds>\n User-agent: <some user agent> Status=Victims status\n Etc..

The consequences - Stealing twitter passwords

The (lack of) patches (as of 18-11-2009) IETF» There is a proposed draft that addresses this issue (Draf Rescorla TLS renegotiation 01) OpenSSL» Workaround (disable renegotiation) is available for download (OpenSSL 0.9.8l)» Fix (based on rescorla draft) is being tested (OpenSSL 0.9.8m) Microsoft» Currently testing interoperability» ISS6 and IIS7 not vulnerable for client initiated renegotiation Cisco» Initial testing stage F5» Workaround is availble (disable renegotiation completly)» Fix in initial testing stage Mozilla/Firefox/Thunderbird/NSS» Initial testing Sun» Initial testing GNU utils» Mostly not affected» Initial testing RSA BSAFE suite» Limited beta Opera» Initial testing

Sources March Ray:» http://extendedsubset.com/» http://extendedsubset.com/renegotiating_tls.pdf» http://extendedsubset.com/renegotiating_tls_pd.pdf Phonefactor» http://www.phonefactor.com/sslgap/ssl-tls-authentication-patches Ekron» http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html Anil Kurmus» http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html F5» http://devcentral.f5.com/weblogs/cwalker/archive/2009/11/06/20-lines-or-less-31-ndash-traffic-shapingheader-re-writing.aspx

Questions?

Want to know more? Frank Breedijk» Security Engineer at Schuberg Philis» Author of AutoNessus» Blogger for CupFigther.net Email: fbreedijk@schubergphilis.com Twitter: @autonessus Blog: http://cupfighter.net Project: http://autonessus.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information