cacert-sysadm - Re: new SSL Attacks

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

Re: new SSL Attacks


  • From: Ian G <iang AT iang.org>
  • To: Ian G <iang AT iang.org>
  • Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, "CAcert Code Development list." <cacert-devel AT lists.cacert.org>
  • Subject: Re: new SSL Attacks
  • Date: Fri, 31 Jul 2009 07:15:16 +0200

OK, so it now seems that this is a stupid "null in string" issue that fools (?) both CAs and browsers. This is not an attack on the protocol but "many implementations."

So big question for CAcert: can a NULL be accepted in any string in the request for a certificate? And result in a NULL into the cert itself?

So far the CAs that are embarrassed are unnamed...

iang


http://www.wired.com/threatlevel/2009/07/kaminsky/
============================
... When an attacker who owns his own domain — badguy.com — requests a certificate from the CA, the CA, using contact information from Whois records, sends him an email asking to confirm his ownership of the site. But an attacker can also request a certificate for a subdomain of his site, such as Paypal.com\0.badguy.com, using the null character \0 in the URL.

The CA will issue the certificate for a domain like PayPal.com\0.badguy.com because the hacker legitimately owns the root domain badguy.com.

Then, due to a flaw found in the way SSL is implemented in many browsers, Firefox and others theoretically can be fooled into reading his certificate as if it were one that came from the authentic PayPal site. Basically when these vulnerable browsers check the domain name contained in the attacker’s certificate, they stop reading any characters that follow the “\0” in the name.

More significantly, an attacker can also register a wildcard domain, such as *\0.badguy.com, which would then give him a certificate that would allow him to masquerade as any site on the internet and intercept communication.
============================
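As an added illustration (not code from the list message, the Wired article, or CAcert's own software), the following Python contrasts the truncating name comparison the article describes with a CA-side check that answers the question above by rejecting any requested name containing a NUL byte, and a browser-side match that compares the whole name label by label. The domain names used are constructed to mirror the article's description.

```python
from __future__ import annotations

# Added example, not code from the list message or the Wired article.
# Names used in the comments and tests are constructed for illustration.

NUL = b"\x00"


def truncated_name(name: bytes) -> bytes:
    """The flawed reading the article describes: a C-style string stops
    at the first NUL byte, so everything after it is never compared."""
    cut = name.find(NUL)
    return name if cut < 0 else name[:cut]


def flawed_matches(cert_name: bytes, hostname: str) -> bool:
    """Vulnerable browser-side match: only the part before a NUL is compared,
    so b"paypal.com\\x00.badguy.com" is accepted for paypal.com."""
    return truncated_name(cert_name).lower() == hostname.lower().encode("ascii")


def name_is_acceptable(name: bytes) -> tuple[bool, str]:
    """CA-side check on a requested DNS name before anything is signed.
    A NUL anywhere in the name is rejected, as is anything that is not a
    plain hostname (a wildcard is allowed only as the whole leftmost label
    of a name with at least three labels)."""
    if NUL in name:
        return False, "embedded NUL byte"
    try:
        text = name.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII byte"
    labels = text.lower().split(".")
    for i, label in enumerate(labels):
        if label == "*" and i == 0 and len(labels) >= 3:
            continue
        if (not label or len(label) > 63 or label[0] == "-" or label[-1] == "-"
                or not all(c.isalnum() or c == "-" for c in label)):
            return False, f"bad label {label!r}"
    return True, "ok"


def safe_matches(cert_name: bytes, hostname: str) -> bool:
    """Hardened match: validate the name, then compare every label over the
    full length so a NUL can never hide the real tail of the name."""
    ok, _ = name_is_acceptable(cert_name)
    if not ok:
        return False
    cert = cert_name.decode("ascii").lower().split(".")
    host = hostname.lower().split(".")
    if len(cert) != len(host):
        return False
    if cert[0] == "*":
        return cert[1:] == host[1:]  # wildcard covers exactly one label
    return cert == host
```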
