Real World Exploit for Bleichenbachers Attack on SSL from Crypto'06 working
Erik Tews
e_tews at cdc.informatik.tu-darmstadt.de
Fri Sep 15 13:29:39 EDT 2006
On Friday, 15.09.2006, at 00:40 +0200, Erik Tews wrote:
> I have to check some legal aspects before publishing the names of the
> browser which accepted this certificate and the name of the
> ca-certificates with exponent 3 I used in some hours, if nobody tells me
> not to do that. Depending on the advice I get, I will release the
> sourcecode of the exploit too.
OK, so here are the names of the browsers I tried:
  * Mozilla Firefox Version 1.5.0.6 and all previous versions
    including all old versions like netscape 4 seem to be affected.
    They don't display any kind of warning message at all, nor has
    the user the possibility to see something if he looks at the ssl
    connection properties. Firefox 1.5.0.7 was released yesterday
    and contains a fix. Netscape is no longer supported and
    netscape phoned me and suggested switching to another browser
    like seamonkey.
  * Opera 9.01 is affected. Opera is going to release 9.02 very very
    soon which will contain a bugfix. Opera users are automatically
    notified once a week when a new version is available.
  * Konqueror from the kde project uses openssl for ssl-connections.
    They are affected, but after having patched openssl, konqueror
    is fixed too.
The following certs could be used in the attack:
Starfieldtech has issued the following certificate:
Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://www.starfieldtech.com/repository, CN=Starfield Secure Certification Authority/emailAddress=practices at starfieldtech.com
X509v3 Basic Constraints: CA:TRUE
Serial Number: 260 (0x104)
RSA Public Key: (1024 bit)
Exponent: 3 (0x3)
This can be used to create a CA certificate which seems to be signed by Starfieldtech.
There is another certificate by default in a lot of browsers:
Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
RSA Public Key: (1024 bit)
Exponent: 3 (0x3)
X509v3 Basic Constraints: CA:TRUE
Serial Number: 927650371 (0x374ad243)
This one can be used too.
Depending on the browser you use, there are some other certificates.
Here is a list of all Subject DNs of all CA certs we have found so far
which seem to be affected:
  * C=US, O=Digital Signature Trust Co., OU=DSTCA E1
  * C=US, O=Digital Signature Trust Co., OU=DSTCA E2
  * C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS
    incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited,
    CN=Entrust.net Client Certification Authority
  * C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref.
    (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net
    Secure Server Certification Authority
  * C=EU, O=AC Camerfirma SA CIF A82743287,
    OU=http://www.chambersign.org, CN=Chambers of Commerce Root
  * C=EU, O=AC Camerfirma SA CIF A82743287,
    OU=http://www.chambersign.org, CN=Global Chambersign Root
  * C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2
    Certification Authority
  * C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2
    Certification Authority
I decided to keep the actual implementation of the exploit secret for the moment.
We put up a little webpage summarizing some postings related to the
attack. This is written primarily for end users who want to secure their
browsers, but contains links to some interesting mailing list posts too.
http://www.cdc.informatik.tu-darmstadt.de/securebrowser/
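
An added example, not part of the original post and not the author's code: a short Python audit that parses certificate dumps in the field layout quoted above and lists the CA certificates whose RSA public exponent is 3. The field labels follow the dumps in the post; the DNs are shortened, and the third record and the function names are constructed for illustration.

```python
import re
# Field layout as quoted in the post; records 1-2 use its values (DNs shortened), record 3 is constructed.
SAMPLE = """\
Issuer: O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority
Subject: O=Starfield Technologies, Inc., CN=Starfield Secure Certification Authority
X509v3 Basic Constraints: CA:TRUE
Serial Number: 260 (0x104)
RSA Public Key: (1024 bit)
Exponent: 3 (0x3)
Issuer: O=Entrust.net, CN=Entrust.net Secure Server Certification Authority
Subject: O=Entrust.net, CN=Entrust.net Secure Server Certification Authority
RSA Public Key: (1024 bit)
Exponent: 3 (0x3)
X509v3 Basic Constraints: CA:TRUE
Serial Number: 927650371 (0x374ad243)
Issuer: O=Example Org, CN=Example Root CA (constructed)
Subject: O=Example Org, CN=Example Root CA (constructed)
RSA Public Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 Basic Constraints: CA:TRUE
"""

FIELDS = {
    "subject": re.compile(r"^Subject:\s*(.+)$"),
    "bits": re.compile(r"^RSA Public Key:\s*\((\d+) bit\)"),
    "exponent": re.compile(r"^Exponent:\s*(\d+)"),
    "is_ca": re.compile(r"^X509v3 Basic Constraints:.*\bCA:(TRUE|FALSE)"),
    "serial": re.compile(r"^Serial Number:\s*(\d+)"),
}

def parse_dump(text):
    """One dict per certificate; a new record starts at each 'Issuer:' line."""
    certs = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Issuer:"):
            certs.append({})
        for name, rx in FIELDS.items():
            m = rx.match(line)
            if m and certs:
                certs[-1][name] = m.group(1)
    return certs

def low_exponent_cas(text, max_exponent=3):
    """CA certificates whose RSA public exponent is at most max_exponent."""
    return [c for c in parse_dump(text)
            if c.get("is_ca") == "TRUE" and int(c.get("exponent", max_exponent + 1)) <= max_exponent]

if __name__ == "__main__":
    for c in low_exponent_cas(SAMPLE):
        print(f"e={c['exponent']} {c.get('bits')}-bit serial={c.get('serial')} {c.get('subject')}")
```

The parser accepts the fields in either order, as the two dumps in the post list them differently, and a record with no `Exponent:` line is never flagged.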