Password theft via vulnerability in SSL/TLS protocol
The vulnerability in the design of the SSL/TLS protocol revealed earlier this month can apparently be used to carry out attacks in practice. On his blog, student Anil Kurmus reports that he was able to steal a Twitter password by using a man-in-the-middle attack. Until now it had been assumed that the problem was largely theoretical and would be made manifest only in very limited scenarios. The design weakness can be exploited by attackers to inject content into secure connections.
In his attack, Kurmus appended a test victim's encrypted HTTPS request to his own Twitter request, effectively as a tweet. This does not allow the content of the packet to be viewed directly, but following decryption, the web server combines the two packets into one as a result of the TLS renegotiation vulnerability. In Kurmus' test, this resulted in the victim's HTTP request appearing as a tweet on Kurmus' Twitter account with the victim's user name and password visible in easily-decoded Base64 encoded form.
According to the report, Twitter introduced a fix last week which prevents exploitation of this vulnerability. Kurmus' report omits specific details of how he triggered the TLS renegotiation in his attack, but there are several ways of achieving this. Using SSL client certificates as described in the original vulnerability report is just one possible approach.
Other web services in which an HTTP request containing the victim's login details can be displayed as content, such as wikis, are in theory also affected by this problem. It would also be possible for an attacker to email himself a victim's cookie via a webmail service.
The OpenSSL development team have responded to the problem by no longer allowing TLS renegotiation in version 0.9.8l. This can, however, result in some services no longer working properly. Numerous vendors, including Cisco and Juniper, have confirmed that their products are also vulnerable. The initial report on the problem focused primarily on the Apache and IIS web servers.
See also:
- Vulnerability in SSL/TLS protocol, a report from The H.
(djwm)