|Title||SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes|
|Name||VU#864643||First vendor Publication||2011-09-27|
|Vendor||VU-CERT||Last vendor Modification||2011-12-08|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
|Cvss Base Score||4.3||Attack Range||Network|
|Cvss Impact Score||2.9||Attack Complexity||Medium|
|Cvss Exploit Score||8.6||Authentication||None Required|
Vulnerability Note VU#864643
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
Overview
A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic.
I. Description
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network application protocols such as HTTP, IMAP, POP3, LDAP, SMTP, and others. Several different versions of the SSL and TLS protocols have been standardized and are in widespread use. These protocols support the use of both block-based and stream-based ciphers.
A vulnerability in the way the SSL 3.0 and TLS 1.0 protocols select the initialization vector (IV) when operating in cipher-block chaining (CBC) modes allows an attacker to perform a chosen-plaintext attack on encrypted traffic. This vulnerability has been addressed in the specification for the TLS 1.1 and TLS 1.2 protocols.
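As an added illustration that is not part of the CERT note, the following Python model contrasts the two IV schemes the note refers to: the chained IV of SSL 3.0/TLS 1.0, where each record's IV is the last ciphertext block of the previous record, and the explicit per-record random IV of TLS 1.1, together with a check of whether a passive observer could predict each record's IV from the preceding ciphertext. The block function is a toy stand-in for the real cipher, and the class and function names are the example's own.

```python
import os

BLOCK = 16  # block size in bytes, as for the AES-CBC cipher suites

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in keyed permutation (NOT a real cipher). The weakness is in the
    CBC chaining, so any invertible block function exhibits it."""
    mixed = xor(block, key)
    return mixed[3:] + mixed[:3]  # byte rotation keeps the function invertible

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0, "caller pads to a whole number of blocks"
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out

class Tls10Sender:
    """SSL 3.0 / TLS 1.0 style: only the first IV is secret (derived from the
    handshake); every later record reuses the previous record's last ciphertext block."""
    def __init__(self, key: bytes):
        self.key = key
        self.next_iv = os.urandom(BLOCK)  # stands in for the handshake-derived IV
    def send(self, plaintext: bytes):
        ct = cbc_encrypt(self.key, self.next_iv, plaintext)
        used_iv, self.next_iv = self.next_iv, ct[-BLOCK:]
        return used_iv, ct  # (IV actually used, bytes that go on the wire)

class Tls11Sender:
    """TLS 1.1+ style: a fresh random IV per record, sent explicitly with the record."""
    def __init__(self, key: bytes):
        self.key = key
    def send(self, plaintext: bytes):
        iv = os.urandom(BLOCK)
        return iv, iv + cbc_encrypt(self.key, iv, plaintext)

def ivs_predictable(records) -> bool:
    """records: list of (iv_used, wire_bytes). True when every IV after the first equals
    the previous record's last ciphertext block, i.e. an observer knows it in advance."""
    return all(records[i][0] == records[i - 1][1][-BLOCK:] for i in range(1, len(records)))

def demo(sender_cls, n: int = 4) -> bool:
    sender = sender_cls(os.urandom(BLOCK))
    record = b"GET /index.html ".ljust(2 * BLOCK, b" ")  # constructed 32-byte plaintext
    return ivs_predictable([sender.send(record) for _ in range(n)])
```

`demo(Tls10Sender)` returns True (the next IV is on the wire before the next plaintext is chosen, which is the precondition for the chosen-plaintext attack), while `demo(Tls11Sender)` returns False.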
II. Impact
An attacker with the ability to pose as a man-in-the-middle and to generate specially-crafted plaintext input could decrypt the contents of an SSL- or TLS-encrypted session. This could allow the attacker to recover potentially sensitive information (e.g., HTTP authentication cookies).
III. Solution
We are currently unaware of a practical solution to this problem.
Thanks to Thai Duong working with Matasano and Juliano Rizzo of Netifera for reporting the practical attack against this vulnerability. Wei Dai and Bodo Möller identified the underlying flaw in the context of SSL and TLS.
This document was written by Chad R Dougherty.
|Url : http://www.kb.cert.org/vuls/id/864643|
CWE : Common Weakness Enumeration
|CWE-20||Improper Input Validation|
|Title:||SSL and TLS Protocols Vulnerability|
|Platform(s):||Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
|74829||SSL Chained Initialization Vector CBC Mode MiTM Weakness|