<span>Impact of TLS/SSL Renegotiation Vulnerability on HTTPS: Less Known Issues</span> https://www.gremwell.com/ssl_tls_renegotiation_less_known_issues
<div><p>There are a couple of issues with the TLS/SSL renegotiation vulnerability in the context of the HTTPS protocol that appear not to have made their way to the public.</p>
<p> 1. Plain text prefix injection is not the only risk. The original advisory [1] mentions the possibility of "forwarding and repurposing of client certificate authentication credentials". On the oss-sec mailing list, Marsh Ray goes into more detail [2], and [3] dedicates one slide to "client certificate redirection".</p>
<p> 2. The renegotiation vulnerability provides an additional attack vector for exploiting web application vulnerabilities. For example, MiTM attackers can use it to deliver an exploit for a non-persistent XSS bug to a client's browser.</p>
<p>References:</p>
<p> [1] <a href="http://www.phonefactor.com/sslgapdocs/Renegotiating_TLS.pdf">http://www.phonefactor.com/sslgapdocs/Renegotiating_TLS.pdf</a><br />
 [2] <a href="http://seclists.org/oss-sec/2009/q4/137">http://seclists.org/oss-sec/2009/q4/137</a><br />
 [3] <a href="http://www.troopers10.org/content/e728/e897/e903/TROOPERS10_History_of_the_TLS_Auth_Gap_Bug_Dispensa_Ray.pdf">http://www.troopers10.org/content/e728/e897/e903/TROOPERS10_History_of_…</a></p> </div>
<span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">abb</span></span> <span>Sun, 09/12/2010 - 13:10</span>