Severe Vulnerability in Internet Explorer SSL
In what has been called one of the most serious problems ever detected in cryptography, researcher Mike Benham has discovered that undetected man-in-the-middle attacks can be implemented against users of Microsoft Internet Explorer (IE) 5.x and 6.x. Last
August 12, 2002
In what has been called one of the most serious problems ever detected in cryptography, researcher Mike Benham has discovered that undetected man-in-the-middle attacks can be implemented against users of Microsoft Internet Explorer (IE) 5.x and 6.x. Last week, Benham reported his findings to readers of a popular security mailing and detailed the vulnerability.
According to Benham's report, the problem stems from certificates that the Secure Sockets Layer (SSL) protocol uses. Under typical SSL operating conditions, a certificate is transferred to a user's browser when a user connects to an SSL-enabled Web site. Usually, one or more Certificate Authorities (CA) digitally signs the certificates after verifying that the site administrator legitimately owns the URL in the Common Name (CN) field. In some cases, an intermediate CA can sign certificates, which creates a chain of signatures. Benham said that, "When a Web browser receives [a certificate signed by an intermediate CA], it should verify that the CN field of the leaf certificate matches the domain it just connected to, that it's signed by the intermediate CA, and that the intermediate CA is signed by a known CA certificate. Finally, the Web browser should also check that all intermediate certificates have valid CA Basic Constraints. You guessed it, Internet Explorer does not check the Basic Constraints."
The lack of checking by IE creates a situation in which intruders can launch a man-in-the-middle attack, by covertly redirecting a user to a spoofed site that appears to be a legitimate site. During the process, IE gives no indication that such an attack is underway. Benham said, "This [vulnerability] means that as far as IE is concerned, anyone with a valid CA-signed certificate for ANY domain can generate a valid CA-signed certificate for ANY OTHER domain." To prove the vulnerability, Benham published a program, SSLSniff, which demonstrates the severity.
Benham apparently didn't give Microsoft time to address the matter before alerting the public. Benham said he was put off by Microsoft's recent attitude toward another security researcher, Mike Megacz; Benham thinks Microsoft unnecessarily downplayed and obfuscated Megacz's findings. Microsoft is aware of the problem Benham discovered but hasn't publicly responded.
About the Author
You May Also Like