SSL/TLS Protocol Vulnerability
by Jago Maniscalchi // February 24, 2010
Microsoft have released a security advisory warning of a vulnerability in the SSL and TLS protocols. The temporary workaround is to disable SSL renegotiation functionality, though that could impact the usability of some applications.
The vulnerability is a Man-in-the-Middle attack that occurs during TLS renegotiation. Let us take HTTP as the application protocol and try to find a vulnerability in HTTPS. In our example, we have two Apache or IIS directories – one requires client-side authentication and the other doesn’t. When the client moves to the directory that requires authentication, the server will renegotiate the TLS connection, requesting the client certificate. The request for the protected resource must come before the certificate renegotiation – if it didn’t, the server wouldn’t know that renegotiation was required. When the renegotiation is complete, the server must replay the request inside the authenticated session. On receipt of this replayed request, it responds to the client.
The exploit involves the MiTM attacker ‘request splicing’ two requests before those of the genuine client. The first is for an unprotected directory, and the second is for a protected resource. By finishing the second request with an unterminated header, the first line of the genuine request is effectively commented out. Thus, the resource requested by the genuine request is chosen by the attacker. The client negotiates with the server in the normal manner and the server responds to the request. The MiTM attacker has effectively injected plaintext into the encrypted channel.
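The splice described above can be seen from the server's side with a few lines of parsing. This is an added example, not code from the advisory or the original post; the paths, host name and the `X-Ignore` header are constructed placeholders. It parses the byte stream the server ends up with after renegotiation and flags any header whose value has the shape of an HTTP request line, which is the trace the unterminated header leaves behind.

```python
import re

# Constructed sample data; paths, host and header names are hypothetical.
# Bytes the server buffered before renegotiation. The last header has no
# terminating CRLF, as the article describes.
BUFFERED_BEFORE_RENEGOTIATION = (
    b"GET /protected/report HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"X-Ignore: "
)
# First bytes the genuine client sends inside the renegotiated session.
GENUINE_CLIENT_REQUEST = (
    b"GET /protected/home HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d$")


def parse_request(stream: bytes):
    """Minimal HTTP/1.x request parser: returns (method, target, headers)."""
    head, _, _ = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().decode(), value.strip()))
    return method.decode(), target.decode(), headers


def swallowed_request_lines(headers):
    """Return header names whose value looks like an HTTP request line."""
    return [name for name, value in headers if REQUEST_LINE.match(value)]


def server_view():
    """What the server parses when it replays the buffered request."""
    return parse_request(BUFFERED_BEFORE_RENEGOTIATION + GENUINE_CLIENT_REQUEST)


if __name__ == "__main__":
    method, target, headers = server_view()
    print("request served:", method, target)
    for name, value in headers:
        print(f"  {name}: {value.decode()}")
    print("suspicious headers:", swallowed_request_lines(headers))
```

The genuine client's own request line ends up as the value of `X-Ignore`, so the server serves the target from the buffered bytes. A header value of that shape is worth logging, but it is only a symptom; the workaround in the advisory is still to disable renegotiation.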
Extended Subset and Links carry extensive technical descriptions of various application protocol issues resulting from this TLS vulnerability.


