[Dshield] Eavesdropping

Stephane Grobety security at admin.fulgan.com
Sat Jun 5 06:46:09 GMT 2004


JRK> Yes, it can be done. It is relatively easy to do by exploiting
JRK> the fact that IE does not check the basic constraints of a cert,
JRK> so if you have a valid cert, you can sign a cert claiming to be
JRK> anyone and IE is fat dumb and happy about it.

Are you sure of that ? There was an old bug (long fixed) in IE (and
all MS SSL implementations, BTW) that didn't check if all certificates
in the chain but the root had the "sign certificate" key usage set,
allowing you to use certs obtain legally to create invalid certs that
where accepted by IE. AFAIK, this bug has been long fixed.

Or are you talking about something different ?

JRK> Anyone with slightly more skill than the average script kiddie,
JRK> minimal knowledge of SSL, and a valid cert signed by a root
JRK> authority, can take any of the MITM programs (such as hunt or
JRK> juggernaut) and tweak them to perform just such an attack.

There I don't get you: If you get a cert signed by a valid CA, if the
cert's name matches the site name you're sending the user to and if
the certificate itself is valid (by that, I mean that all certs in the
chain have been checked for validity, including their allowed key
usage), I don't see the problem: you've, in effect, created a "true
false identity" for the web site and no ammount of security can
protect you.

Now, if you know a way to make IE accept as valid a certificate that
doesn't have the same name as the host you're connecting to, then I'd
be glad to hear it (and I'm sure MS would be too). Or are you talking
about something different there ?

In short: Do you have anything to back up your claims ?

Good luck,
Stephane




More information about the list mailing list