The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Certificate spoofing issue with Mozilla, Konqueror, Safari 2


<< Previous INDEX Search src / Print Next >>
Subject: Certificate spoofing issue with Mozilla, Konqueror, Safari 2
From: Nils Toedtmann <securityfocus@nils.toedtmann.net.>
To: Bugtraq <bugtraq@securityfocus.com.>
Content-Type: text/plain
Date: Sun, 18 Nov 2007 20:43:45 +0100
Message-Id: <1195415025.5999.33.camel@tpol.lan.>
Mime-Version: 1.0
X-Mailer: Evolution 2.10.1 
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru

Moin *

Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2
do not bind a user-approved webserver certificate to the originating
domain name. This makes the user vulnerable to certificate spoofing by
"subjectAltName:dNSName" extensions. 

I set up a demonstration at <http://test.eonis.net/>;, check it out. For
details (vulnerable versions, vendor status, bug ids ...) see 

    <http://nils.toedtmann.net/pub/subjectAltName.txt>;


Attack scenario:

(1) Assumed a phisher could redirect a user's browser to his prepared
    https webserver spoofing "www.paypal.com" (by DNS spoofing or domain
    hijacking or other MITM attack). But the user's browser would raise
    an "unknown CA" warning because the phisher does not have a
    certificate for "www.paypal.com" issued by a browser-trusted CA
    (that's what X.509 and TLS is all about!). Thus, the phisher defers
    this step.

(2) The phisher creates another website "www.example.com" (not spoofed)
    and a home brewed X.509 cert:

        DN="CN=www.example.com"
        subjectAltName:dNSName=www.example.com
        subjectAltName:dNSName=www.paypal.com


    and lures the user to https://www.example.com/. The user gets an
    "unknown CA" warning, but the "subjectAltName:dNSName" extensions
    are not shown to him, so the cert looks ok. As he does not plan to
    enter any private information, he accepts it (temporarily or
    permanently) and proceeds.

(3) Any time later (if the cert got accepted temporarily this has to
    happen within the same session), the phisher lures the user to his
    spoofed https://www.paypal.com/, using the very same self-signed
    certificate - NO WARNING!

In the end, the cert warning and the spoofing attempt get separated into
two events which appear to the user as being unrelated. I consider this
a severe cert-spoofing issue, aggravated by the fact that affected
browsers also match any hostname with "subjectAltName:dNSName=*".

For Mozilla, this issue is known for more than three years without being
fixed.

Regards, /nils.



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру