TLS protocol renegotiation vulnerability

A serious flaw in the Transport Layer Security (TLS) protocol was recently brought to light via the Internet Engineering Task Force (IETF) mailing list (archive).

TLS is the most common data security protocol on the Internet, primarily used to encrypt online HTTP transactions, such as online banking and commercial transactions, and to secure online services, such as email and database access. The vulnerability was identified by the researchers at PhoneFactor as the 'SSL/TLS Authentication Gap'. It allows an attacker to inject himself into an authenticated SSL communication path in a number of serious Man-In-The-Middle (MITM) attacks, and this can be done without either party to the negotiation (client or server) being able to detect the attack.

Specifically, the protocol allows either the client or the server to initiate a renegotiation: a new handshake which establishes new cryptographic parameters. The new handshake is carried out inside the already protected connection established by the original handshake. The problem is that there is no cryptographic binding between the two handshakes. Thus, an attacker can open a connection to the target server, inject whatever content he wants, and then splice in a new connection from a client. The server treats the client's connection as a renegotiation of the existing one and believes that the data initially transmitted by the attacker came from the client. An example is shown below, where – marks an unencrypted negotiation and == an encrypted one:

Since it is a protocol vulnerability, all SSL libraries will need to be patched. Patches are not available yet, although some proposed solutions are being discussed. The vulnerability was discovered by Marsh Ray and Steve Dispensa of PhoneFactor and was demonstrated to a group of affected vendors in Mountain View, CA, on September 29, 2009. Although they volunteered to delay disclosure of the vulnerability until 2010, in order to allow vendors time to produce the necessary patches, an independent researcher posted details on the Internet Engineering Task Force (IETF) mailing list on November 04, causing the news to spread.
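To make the two points above concrete, here is a small Python model, added to this post and not code from PhoneFactor or from any SSL library. It reduces TLS to the one property the article describes: a server treats application data received before and after a renegotiation as a single stream, and nothing ties the second handshake to the first. The `bind_renegotiation` switch models the kind of fix under discussion, requiring a renegotiating peer to present the previous handshake's Finished `verify_data` (the approach later standardised as the `renegotiation_info` extension of RFC 5746). All class and function names, the `master_secret` placeholder and the request bytes are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Handshake:
    """One completed handshake, reduced to who ran it and its Finished value (toy model)."""
    peer: str
    master_secret: bytes = field(default_factory=lambda: os.urandom(16))

    @property
    def verify_data(self) -> bytes:
        # Stand-in for the verify_data carried in the Finished message (12 bytes in TLS 1.x).
        return hmac.new(self.master_secret, b"client finished", hashlib.sha256).digest()[:12]


class Server:
    """Server endpoint: application data from every handshake lands in one stream."""

    def __init__(self, bind_renegotiation: bool) -> None:
        self.bind_renegotiation = bind_renegotiation
        self.current: Optional[Handshake] = None
        self.stream = b""

    def handshake(self, hs: Handshake, renegotiation_info: Optional[bytes] = None) -> None:
        if self.current is not None and self.bind_renegotiation:
            # Fixed behaviour: a renegotiation must prove knowledge of the previous
            # handshake's verify_data; a handshake that cannot is refused.
            if renegotiation_info != self.current.verify_data:
                raise ConnectionError("renegotiation not bound to the previous handshake")
        # Vulnerable behaviour: any new handshake is accepted as a renegotiation.
        self.current = hs

    def receive(self, data: bytes) -> None:
        self.stream += data


def splice_scenario(bind_renegotiation: bool) -> Tuple[bool, bytes]:
    """Replay the splice described above against a server with or without binding.

    Returns (client_handshake_accepted, application_stream_as_the_server_sees_it).
    """
    server = Server(bind_renegotiation)

    attacker = Handshake("attacker")
    server.handshake(attacker)
    server.receive(b"GET /injected HTTP/1.1\r\nX-Ignore: ")  # constructed attacker prefix

    # The victim client connects next. From its own point of view this is its
    # *initial* handshake, so it carries no binding to the attacker's handshake.
    client = Handshake("client")
    try:
        server.handshake(client, renegotiation_info=None)
    except ConnectionError:
        return False, server.stream  # spliced connection refused
    server.receive(b"GET /account HTTP/1.1\r\nCookie: session=CONSTRUCTED\r\n\r\n")
    return True, server.stream


def legitimate_renegotiation() -> bool:
    """A genuine renegotiation by the same client still succeeds on the fixed server."""
    server = Server(bind_renegotiation=True)
    first = Handshake("client")
    server.handshake(first)
    second = Handshake("client")
    server.handshake(second, renegotiation_info=first.verify_data)
    return server.current is second


if __name__ == "__main__":
    for bind in (False, True):
        accepted, stream = splice_scenario(bind)
        print(f"binding={bind}: client accepted={accepted}, server stream={stream!r}")
    print("legitimate renegotiation on fixed server:", legitimate_renegotiation())
```

Running it shows the unbound server ending up with one stream in which the attacker's prefix and the client's request (including the client's cookie) are joined, while the bound server refuses the spliced handshake and keeps only the attacker's own data, which it correctly attributes to the attacker. The model also shows why the fix is not simply "disable renegotiation": a client that really did run the first handshake can present its `verify_data` and renegotiate as before.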

A vulnerability note was posted by CERT (VU#120541).
