About | Buy Stuff | News | Products | Rants | Search | Security | Social
Home » News » Roundups

MS Do It Again

December 22, 2001 2:40 PM UTC
This one is interesting for a number of reasons. One: it's a great big gaping (and potentially very dangerous) hole, and we're talking stolen money, stolen credit cards here - major bucks for everyone. Two: Microsoft - shielding themselves with their new stranglehold on security companies and their pressure to stifle 'full disclosure' - felt they could la-la around during the Xmas shopping season precisely when most people will be extremely vulnerable - which is totally unconscionable. Herewith the entire advisory.

From: security@e-matters.de
Date: Sat, 22 Dec 2001 15:37:04 +0100
To: bugtraq@securityfocus.com
Subject: IE https certificate attack

                            e-matters GmbH
                           www.e-matters.de

                       -= Security  Advisory =-


      Advisory: Interner Explorer HTTPS certificate attack
  Release Date: 2001/12/22
        Author: Stefan Esser [s.esser@e-matters.de]

   Application: Microsoft Internet Explorer 5.0/5.5/6.0
      Severity: Vulnerability in IE's SSL Certificate handling allows
                undetected SSL Man-In-The-Middle attacks
          Risk: Very High
 Vendor Status: Notified
     Reference: http://security.e-matters.de/advisories/012001.html


Overview:

    A flaw in Microsoft Internet Explorer allows an attacker to perform
    a SSL Man-In-The-Middle attack without the majority of users recognising
    it. In fact the only way to detect the attack is to manually compare the
    server name with the name stored in the certificate.

    For a basic introduction into SSL MIM attacks I recommend reading:

    Phrack #57 - Hang on, Snoopy (by stealth)
    http://www.phrack.org/show.php?p=57&a=13

Details:

    There is a flaw in the way IE checks HTTPS objects that are embedded into
    normal HTTP pages. According to my tests IE does only check if the certi-
    ficate of the HTTPS server is properly signed by a trusted CA but totally
    ignores if the cert was issued onto the correct name or has already ex-
    pired. This is in fact not dangerous because the user considers HTTPS
    objects embedded in a HTTP page not secure. The problem is that IE flags
    the certificate as trusted and caches this certification trust until your
    browser session ends. That means once you visited a normal http page that
    included an image from the MIMed SSL Server, IE will not warn you about
    an illegal site certificate as long the certificate was signed by f.e.
    Verisign.

    A possible scenario would be:

    Hacker runs a MIM attacking tool for HTTP/HTTPS in the subnet of your
    site. The HTTP part of the tool auto appends

    <img src='https://www.yoursite.com/nonexistent.gif' width=1 height=1>

    to any html page that is returned to your customer's browser and the
    HTTPS part presents his browser a valid but stolen certificate for
    www.shop.com. IE will only check if the cert was signed by a trusted CA
    when trying to display the image and won't compare the name inside the
    cert or check the expiration date. If your customer now tries to login
    to your site via HTTPS IE will consider the cert trustworthy without
    checking it again. Your customer will only be able to determine that he
    was just tricked by manually checking the servername in the cert. But
    you can be sure that only paranoid people would check. The majority of
    people don't even know how they can do so. Imagine the hacker stole the
    cert from 'yoursite.de'... How many users of 'yoursite.com' would not
    trust a cert that was issued on 'yoursite.de'. The average user does
    not know anything about SSL than it's making his payment 'secure'.

Proof of Concept:

    A proof of concept webpage was put up at http://suspekt.org. Clicking
    onto the 'To the secure page...' link will send your browser to
    https://suspekt.org without IE warning you that the certificate was not
    issued onto that server.

    This is not a MIM but it has the same effect: IE will tell you a page is
    secure although the certificate is illegal and its possible for a third
    party (anyone who owns the given certificate) to decrypt your traffic in
    realtime.

Vendor Response:

    26 November 2001 -   Microsoft was informed about this vulnerability
    27 November 2001 -   Proof of concept page got visited by lots of MS IPs
    01 December 2001 -   Microsoft informed us with a standard reply that
                         they have received the advisory
    12 December 2001 -   Microsoft was informed that were going to release
                         the advisory within the next 3 days
    13 December 2001 -   Microsoft asked us to wait because the issue is
                         complex due to the fact a lot of cryptography
                         is involved
    21 December 2001 -   Microsoft sent an update: no patches yet,
                         still a complex issue

Conclusion:

    Until today Microsoft did not release a patch, they had nearly a month
    time to fix the bug. Instead they call it a very complex issue. Because
    I don't know the source code of the Internet Explorer I cannot check the
    validity of these claims, but from my point of view fixing this missing
    check is just a matter of copy and pasting a few lines. Unfortunately it
    is christmas time and especially during the last month millions of cus-
    tomers where buying christmas presents on the internet all around the
    world. That means millions of customers were shopping with insuffient
    protection of their private data. Because there are no patches out yet,
    I strongly recommend that you use Mozilla, Opera or another non MS brow-
    ser to do your internet banking or shopping these days. If you think
    (for whatever strange reason) that you need the Internet Explorer,
    ensure that the certificate is the correct by comparing the servername
    in the certificate with the one in your browser...

GPG-Key:

    http://security.e-matters.de/gpg_key.asc

    pub  1024D/D19C5835 2001-11-26 e-matters GmbH - Securityteam
    Key fingerprint = DD27 8C4B CEDE 41A9 5766  39BA AF65 B19C D19C 5835

Copyright 2001 Stefan Esser. All rights reserved.
About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.