Exploit Available: web Tue Aug 6 13: 42: 57 2002 Date: Mon, 5 Aug 2002 16: 03: 29 -0700 (PDT) From: Mike Benham To: Subject: IE SSL Vulnerability Internet Explorer SSL Vulnerability 08/05/02 Mike Benham web Explorer’s implementation of SSL contains a vulnerability that allows for an active, undetected, man in the middle attack. No shown, no warnings are given. Description In the normal case, the administrator of a web site might wish to provide secure communication via SSL. To do so, the administrator generates a certificate and has it signed by a Certificate Authority. The generated certificate should list the URL of the secure web site in the Common Name field of the Distinguished Name section. The CA verifies that the administrator legitimately owns the URL in the Canfield, signs the certificate, and gives it back.
Assuming the administrator is trying to secure web we now have the following certificate structure: [CERT – Issuer: VeriSign / Subject: VeriSign]-> [CERT – Issuer: VeriSign / Subject: web a web browser receives this, it should verify that the CN field matches the domain it just connected to, and that it’s signed using a known CA certificate. No man in the middle attack is possible because it should not be possible to substitute a certificate with a valid CN and a valid signature. However, there is a slightly more complicated scenario. Sometimes it is convenient to delegate signing authority to more localized authorities. In this case, the administrator of web would get a chain of certificates from the localized authority: [Issuer: VeriSign / Subject: VeriSign]-> [Issuer: VeriSign / Subject: Intermediate CA]-> [Issuer: Intermediate CA / Subject: web a web browser receives this, it should verify that the CN field of the leaf certificate matches the domain it just connected to, that it’s signed by the intermediate CA, and that the intermediate CA is signed by a known CA certificate. Finally, the web browser should also check that all intermediate certificates have valid CA Basic Constraints.
The Essay on In What Ways Was Napoleon A Warrior Overloard In His Treatment Of His Subjects
The question asks what was Napoleons treatment of his European subjects. However first we need to learn what these subjects were and distinguish the differences between them. The states of the Grand Empire fell into one of two categories - lands annexed directly to France, or satallite states under French control but allegedly enjoying a modicum of independence. The extent of Napoleons influence ...
You guessed it, Internet Explorer does not check the Basic Constraints. Exploit So what does this mean? This means that as far as IE is concerned, anyone with a valid CA-signed certificate for ANY domain can generate a valid CA-signed certificate for ANY OTHER domain. As the unscrupulous administrator of web I can generate a valid certificate and request a signature from VeriSign: [CERT – Issuer: VeriSign / Subject: VeriSign]-> [CERT – Issuer: VeriSign / Subject: web I generate a certificate for any domain I want, and sign it using my run-of-the-mill joe-blow CA-signed certificate: [CERT – Issuer: VeriSign / Subject: VeriSign]-> [CERT – Issuer: VeriSign / Subject: web [CERT – Issuer: web / Subject: web IE doesn’t check the Basic Constraints on the web it accepts this certificate chain as valid for web with any CA-signed certificate (and the corresponding private key) can spoof anyone else. Severity I would consider this to be incredibly severe. Any of the standard connection hijacking techniques can be combined with this vulnerability to produce a successful man in the middle attack. Since all you need is one constant CA-signed certificate (and the corresponding private key), an attacker can use that to generate spoofed certificates for other domains as connections are intercepted (on the fly).
The Essay on When Is A Web Page Subject To A States Jurisdiction
When is a Web Page Subject to a States Jurisdiction? Nowadays, with the growth of Internet users, it is necessary to know about jurisdictional issues respecting Internet activities in the United States and other countries. Different courts have made different conclusions concerning jurisdiction in cases involving the Internet. A court can use personal jurisdiction to individuals (the power over ...
Since no warnings are given and no dialog’s are shown, the attacker has effectively circumvented all security that an SSL certificate provides. There is some level of accountability, though, since a user who randomly chooses to view the certificate of the web site she’s visiting will seethe attacker’s certificate in the chain. However, by that point the damage has already been done. All ‘secure’ data has already been transmitted. Affected Browsers Netscape 4. x and Mozilla are NOT vulnerable.
IE 5 and 5. 5 are vulnerable straight-up, and IE 6 is mostly vulnerable. When VeriSign issues certificates, usually they leave out the CA Basic Constraint information all together. Thawte tends to explicitly put in a Basic Constraint CA = FALSE with the critical bit set to TRUE. When the CA Basic Constraint on the middle certificate is explicitly set to false and marked as critical, IE 6 does not follow the chain. Whenit’s not mentioned at all, IE 6 follows the chain and is vulnerable.
This just means that an attacker needs to use a VeriSign-issued certificate to exploit IE 6. Working Exploit ” ve set up a URL to demonstrate this problem. If you want to test browsers not listed above or need proof of this vulnerability, contact me and I’ll give you the information. Vendor Notification Status Last week I saw Microsoft downplay and obfuscate the severity of the IE vulnerability that Adam Mega cz reported.
After seeing that, I don’t feel like wasting time with the Microsoft PR department. – Mike — web.
