Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man-In-the-Middle Vulnerability For SSL and TLS

Posted by Soulskill on from the alphabet-soup dept.

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

16 of 170 comments (clear)

  1. We need to invest in Quantum Physics. by jellomizer · · Score: 4, Funny

    Only with quantum physics can we actually get a secure data transfer. Or not or both.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:We need to invest in Quantum Physics. by PiSkyHi · · Score: 5, Funny

      Come on moderators, its a joke - Yes, I realise its both funny and not funny at the same time.

    2. Re:We need to invest in Quantum Physics. by L4t3r4lu5 · · Score: 3, Insightful

      Unfortunately, that's incorrect. By hearing (reading) the joke, you have observed its state. This has destroyed the alternative quantum state of the joke.

      What will really irritate quantum physicists in this instance is that, unfortunately, the joke is both funny and unfunny at the same time. The state of the joke relies upon the opinion of the observer, not any quantum juxtaposition.

      In fact, I'm not so sure this is related to quantum phy... Oh.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    3. Re:We need to invest in Quantum Physics. by mcgrew · · Score: 3, Funny

      Damn you, Quantum Physics!!

      --
      Free Martian Whores!
  2. Re:oh joy by Albanach · · Score: 4, Insightful

    Millions of potential exploiters didn't know about it, until now.

    Millions of ordinary people didn't know there was a vulnerability until now. Who knows how many bad guys knew already though?

    Knowing of a potential vulnerability allows people to alter their behaviour if they deem that an appropriate response. Systems administrators can examine setups to see if they can use other methods to secure communications and it also allows all those who have written applications to examine their code.

    I'd rather know of a vulnerability and respond, than not know while others are potentially exploiting it.

  3. Re:oh joy by think_nix · · Score: 4, Informative

    I wouldn't be so sure on that, anyone can read a mail-listing Ill quote this from Marsh Ray on the ietf mail list:

    I can confirm the severity of the TLS MITM bug. I've had a working
    exploit going since the end of August.

    Steve Dispensa and myself put together (with help of many of course) an
    industry working group to address it. I think we were successful in
    producing a preliminary fix, which vendors are in various stages of
    testing and deployment.

    We'd agreed to responsibly delay disclosure to give the industry time to
    coordinate the fix.

  4. Its a quantum man in the middle attack by Viol8 · · Score: 5, Funny

    Its the same man in all 3 places.

  5. Dissabling SSL re-negotiation? by AbbeyRoad · · Score: 4, Insightful

    Am OpenSSL patch (http://www.links.org/files/no-renegotiation-2.patch) disables SSL
    renegotiation, closing the security hole.

    But let me ask this : who would ever require SSL renegotiation in practice?

    I mean seriously -- changing the cipher in the middle of an SSL session??
      -- no mainstream scenario would ever do this.

    A question comes to mind why renegotiation was ever supported in the first place.

    The next question is what OTHER seldom-used "features" are supported by
    most SSL implementations that are just supported so that the implementation
    can claim full RFC compliance, but are never actually used by real web sites.

    My own SSL builds disable everything except RC4-*-RSA

    1. Re:Dissabling SSL re-negotiation? by dopodot · · Score: 5, Informative

      It's more than changing the cipher type, it's also negotiating up from anonymous client to verified client. The second situation occurs ALL THE TIME in web services that require different levels of trust for different content within the same site. So it's not a "seldom-used" feature in the least.

    2. Re:Dissabling SSL re-negotiation? by Anonymous Coward · · Score: 5, Informative

      "But let me ask this : who would ever require SSL renegotiation in practice?"

      from,

      http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html

      SSL renegotiation is useful in the following situations, once you have established an ordinary SSL session:

              * When you require client authentication
              * When you are using a different set of encryption and decryption keys
              * When you are using a different set of encryption and hashing algorithms

      The last two are kind of useless in practice. The first one is very useful to authenticate the client. Actually, if this is the only way to verify client cert, then SSL renegotiation is vital part of SSL.

  6. Re:Maybe because the "hackers" are writing the cod by Hatta · · Score: 3, Informative

    Never attribute to malice that which may be adequately explained by incompetence. There is of course always the possibility that someone would do this on purpose. But I still trust people who let us see the code more than those who don't.

    --
    Give me Classic Slashdot or give me death!
  7. Re:How does this compromise SSL? by Anonymous Coward · · Score: 3, Interesting

    Actually, this isn't true. This attack only allows for injecting data into the request from the client to the server. The attacker doesn't even get to see the result, much less modify it.

    Basically, the only thing the attacker gets is the ability to make the client's browser request whatever the attacker wants. You know, the kind of thing you could do with a simple injected IMG tag.

  8. Re:Wrong Impression? by John+Hasler · · Score: 5, Insightful

    You pay money to certificate providers so that your customers won't be frightened away by scary browser warnings.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  9. Re:Disabling SSLv3 in Firefox by Nursie · · Score: 4, Insightful

    Of course it is! This is terrible advice!

    SSLv2 isn't widely used any more precisely because it's got systemic vulnerabilities. What's needed is a new revision of the protocol or the removal of the renegotiation feature.

  10. Re:Use PGP/GNUPG auth by schon · · Score: 4, Insightful

    Let the user [...] be responsible for their own security

    Yes, because as all of the botnets have shown, that works so well in practice.

  11. Client certificates only? is this important? by Xylantiel · · Score: 4, Interesting

    The linked articles only discuss authentication via client certificates, which seems pretty rare currently. How does this vulnerability actually impact the "usual" web commerce usages of SSL, which involves a server certificate? Also it does not appear that there is any way to force a re-negotiation from outside. And while re-negotiation appears common for client certs, I would expect it to be somewhat uncommon for server certs except for the initial up-negotiation to a secure connection for TLS. How important is this for the common-use cases of e-commerce and banking?