[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] SSL/TLS MiTM PoC

To: Pavel Kankovsky <peak@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] SSL/TLS MiTM PoC
From: Anıl Kurmuş <akurmus@xxxxxxxxx>
Date: Wed, 11 Nov 2009 22:07:20 +0100

This flaw has been considered as unlikely to be exploited for HTTPS,
as it only allows the attacker to inject prefixes. By changing the
"trick" given by Marsh Ray, the attacker can increase his
possibilities. More detail, and an example of the use of a slightly
modified version of this PoC to steal twitter credentials over an SSL
link: http://securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

Cheers,

Anıl Kurmuş
---------------
GPG key:
http://perso.telecom-paristech.fr/~kurmus/key

On Thu, Nov 5, 2009 at 22:54, Pavel Kankovsky
<peak@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> It might not work with up-to-date OpenSSL.
> Fixing that is left as an exercise for the reader.
>
> --
> Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
> "For death is come up into our MS Windows(tm)..." \ 21st century edition /
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] SSL/TLS MiTM PoC
  - From: Pavel Kankovsky

Prev by Date: [Full-disclosure] [USN-853-2] Firefox and Xulrunner regression
Next by Date: [Full-disclosure] HP curiosity and vulnerability
Previous by thread: [Full-disclosure] SSL/TLS MiTM PoC
Next by thread: [Full-disclosure] [ MDVSA-2009:294 ] firefox
Index(es):
- Date
- Thread