SSL is NOT secure in IE and Konqueror

Networking/Security Forums -> Exploits // System Weaknesses

Author: ShaolinTiger | Location: Kuala Lumpur, Malaysia | Posted: Mon Aug 12, 2002 3:14 pm | Post subject: SSL is NOT secure in IE and Konqueror
The Register wrote:
A colossal stuff-up in Microsoft's and KDE's implementation of SSL (Secure Sockets Layer) certificate handling makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse hapless Konqueror and Internet Explorer users with impunity.

In more detail, we have a certificate chain issue discovered by Mike Benham of A chain is formed when an intermediate certificate is trusted between server and client. Supposedly, the intermediate is accepted only if it's signed by the certificate authority as safe for the purpose. If it's merely signed by another certificate's key, it ought not to be trusted, or at least the user should be warned. Unfortunately, due to a preposterous security engineering oversight, IE and Konqueror don't bother to check this, so if a tricky site owner signs an intermediate cert with another valid cert, users will be none the wiser.

The browser, Benham says, "should verify that the CN [Common Name] field of the leaf certificate matches the domain it just connected to, that it's signed by the intermediate CA [Certificate Authority], and that the intermediate CA is signed by a known CA certificate. Finally, the Web browser should check that all intermediate certificates have valid CA basic constraints."

And it's here that IE fails. There's no checking of basic constraints. Thus an attacker can obtain a legitimate SSL cert for his domain and use it to sign a dummy cert for a second site. IE fails to check whether the dummy is in fact valid for the second site, but merely assumes that it is. More specifically, a cert which should not be used to sign others simply isn't checked. It's entirely possible to specify that a given cert is not valid to sign others; only IE will simply neglect to check if that's the case.

The wind-up is that any fool with an SSL cert can spoof certs for popular, trusted sites, and intercept communications widely imagined to be secure with a man-in-the-middle attack. If this should happen to you, that reassuring little padlock icon is essentially worthless.

Benham has set up a demonstration using as the spoofee. I gather he would prefer the test IP not be published, but he can be reached via email through his BugTraq posts. For the demonstration to work, the test IP and amazon have to be associated.

I've not tested this on IE because several researchers posting to Benham's BugTraq thread have confirmed the behavior. But I did test it on Mozilla 0.9.4, which Benham says isn't vulnerable, and Konqueror 3.0 (KDE 3.0.2 on SuSE 8.0), which he doesn't mention.

Konqueror turned out quite vulnerable, as I mentioned above. Mozilla was not vulnerable, but I'm not sure if that's because it handled the situation properly, or is, ironically, somehow too buggy to be exploited.

I made a simple HTML file with links to the amazon URL. After associating Benham's test-page IP with in my hosts file I found that in Konqueror, following a link to brought me immediately to the 'you've been hacked' page, indicating total failure. The behavior was the same when I typed the URL into the address bar.

With Mozilla, the URL simply went nowhere. No cert warning, no 404, nothing. The browser simply remained on the page from which I started. The behavior was the same when I typed the URL into the address bar.

I honestly don't know if that qualifies as success or a felicitous failure; but either way Mozilla users can continue to use SSL in the meantime, while Microsoft and VeriSign are bickering and blaming each other for the problem.

There is some more info about it here:

Someone performed full man-in-the-middle with a real bank involved and himself as victim.

Scarily it works perfectly.

A brief description and screenshots are available at

Details on programs' setup and fake certificate generation are omitted so as not to provide script-kiddies with a ready recipe.

Actually, you can use Mike's as demo site but you first need to DNS spoof your browser into thinking that has address of, which is easy using dnsspoof from dsniff for example.
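
The checks Benham lists in the quoted article, as an added example that is not part of the thread or the article: a Python model of chain validation with and without the basic-constraints test. The `Cert` class, key ids and host names are constructed stand-ins, and no real signatures are verified.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (no real crypto)."""
    subject: str                   # Common Name
    key_id: str                    # identifies this certificate's key pair
    signer_key_id: str             # key that signed this certificate
    is_ca: Optional[bool] = None   # basicConstraints CA flag; None = extension absent


TRUSTED_ROOT_KEYS = {"root-key"}   # keys of CA certificates the client already trusts


def chain_errors(host: str, chain: List[Cert], check_constraints: bool) -> List[str]:
    """chain[0] is the leaf; each later entry signed the one before it."""
    errors = []
    if chain[0].subject != host:
        errors.append("leaf CN does not match host")
    for cert, issuer in zip(chain, chain[1:]):
        if cert.signer_key_id != issuer.key_id:
            errors.append(f"{cert.subject} is not signed by {issuer.subject}")
    if chain[-1].signer_key_id not in TRUSTED_ROOT_KEYS:
        errors.append("top of chain is not signed by a known CA")
    if check_constraints:
        for issuer in chain[1:]:
            if issuer.is_ca is not True:   # False and missing both mean "not a CA"
                errors.append(f"{issuer.subject} lacks CA basic constraints")
    return errors


def accepts(host: str, chain: List[Cert], check_constraints: bool) -> bool:
    return not chain_errors(host, chain, check_constraints)


# Constructed sample chains (all names hypothetical).
REAL_INTERMEDIATE = Cert("Example Issuing CA", "int-key", "root-key", is_ca=True)
GOOD_CHAIN = [Cert("www.shop.example", "shop-key", "int-key", is_ca=False), REAL_INTERMEDIATE]
SITE_CERT = Cert("www.other.example", "other-key", "root-key", is_ca=False)  # ordinary site cert
BAD_CHAIN = [Cert("www.shop.example", "x-key", "other-key"), SITE_CERT]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, "signatures only:", accepts("www.shop.example", chain, False),
              "| with basic constraints:", chain_errors("www.shop.example", chain, True))
```

With `check_constraints=False` the model reproduces the behaviour the article describes: the chain whose "intermediate" is an ordinary site certificate passes, because every signature links up to a trusted key.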

Author: b4rtm4n | Location: Bi Mon Sci Fi Con | Posted: Mon Aug 12, 2002 8:38 pm
Just been reading this on securityfocus.

I note the last line
Microsoft and VeriSign are bickering and blaming each other for the problem

Will they issue a patch or could this be part of the alleged FBI back door??

Author: ShaolinTiger | Location: Kuala Lumpur, Malaysia | Posted: Tue Aug 13, 2002 3:55 pm
The Register wrote:
A serious flaw in SSL certificate handling reported by Mike Benham, affecting IE and Konqueror, has already been fixed by KDE's Waldo Bastian, we're pleased to mention.

The fix is available only in the CVS (Concurrent Versions System) tree at the moment, but KDE reckons it will have patched binaries available for its 3.0.3 version, available early next week. A patch for KDE 2.2.x is currently in the works.

As for Microsoft? According to Benham they haven't even replied to him yet. Apparently, real Trustworthy Computing takes an enormous amount of time.

Conversely, the speed with which the open source community jumps on security bugs and sorts them out is remarkable, and ought to be a solid selling point. Consider the nearly miraculous turnarounds by on this bug, and this one. Consider a serious Apache bug fixed in less than 24 hours, though security sluts ISS shanked with a premature-release publicity stunt.

SSL, we should point out, is one of the most important consumer security protocols in use on the Web. It's what makes your credit card transactions with pr0n sites appear safe. It's what persuades you that sensitive personal data which you entrust to a Web site is a secret between you and them. Only it's broken. Mozilla isn't affected; Opera (on Windows, at least) is fixed as of today; Konqueror will be fully patched by Monday or Tuesday, and IE is vulnerable and in Limbo while MS tries to figure out how to explain it to the teeming millions who trust their products, in preparation for eventually fixing it. But the spin comes first. That's the meaning of Trustworthy Computing.


Author: b4rtm4n | Location: Bi Mon Sci Fi Con | Posted: Wed Aug 14, 2002 1:36 pm
Says it all really!

All times are GMT + 2 Hours