TLS/SSL Man-In-The-Middle Renegotiation Vulnerability

Ran_Stone · November 10, 2013, 2:48pm

Vulnerability found on OpenFire version 3.8.2 installed on windows 2008 R2 server

Info:

TLS 1.0 (and higher) and SSL 3.0 (and higher) are vulnerable to man-in-the-middle style attacks.

The flaw is specific to the renegotiation phase within the protocol. An attacker can potentially inject arbitrary plaintext into an application’s protocol stream. This action can lead to numerous results, including attacks on Certificate Authentication mechanisms. This issue affects multiple platforms/vendors/applications which use the affected protocols.

General fix:

Several vendors have released httpd update packages. The OpenSSL Repository also contains an update for OpenSSL.

It should be noted that initial patches simply mitigate the problem by disabling renegotiation rather than solving the problem completely.

Flow · November 11, 2013, 2:03pm

Thanks. This looks like the output of some security scanner copied and pasted. Do you have some more info or references, e.g. a CVE?

Jason60 · November 11, 2013, 5:35pm

well obviously it’s because he’s running on Windows!

lol, jk of course! – in seriousness though, I agree with Flow, looks like a PCI-DSS Vuln Scanner output. Although our’s at my company has never failed (yet). We use Ambrian TrustWave/TrustKeeper…

Ran_Stone · November 14, 2013, 9:57am

Thanks for the prompt,

This is indeed a Tenable Nessus scanner output.

CVE #CVE-2009-3555

CVE #:
CVE-2009-3555

Release Date:
November 4, 2009

Vulnerable OS:
Any

Vulnerable Application:
N/A

Risk Type:
Unauthorized Access

Summary:
TLS 1.0 and SSL 3.0 contain a man-in-the-middle renegotiation vulnerability.

Info:
TLS 1.0 (and higher) and SSL 3.0 (and higher) are vulnerable to man-in-the-middle style attacks.

The flaw is specific to the renegotiation phase within the protocol. An attacker can potentially inject arbitrary plaintext into an application’s protocol stream. This action can lead to numerous results, including attacks on Certificate Authentication mechanisms. This issue affects multiple platforms/vendors/applications which use the affected protocols.

General Fix:
Apply the appropriate patch from your vendor. Several vendors have released httpd update packages.

The OpenSSL Repository also contains an update for OpenSSL.

It should be noted that initial patches simply mitigate the problem by disabling renegotiation rather than solving the problem completely.

Domino

Starting in Domino versions 8.0.2 Fix Pack 6, 8.5.1 Fix Pack 4, and 8.5.2, you can disable SSL renegotiation by adding the following parameter to the notes.ini:

SSL_DISABLE_RENEGOTIATE=1

Apache Tomcat

Refer to http://tomcat.apache.org/security-6.html#Not_a_vulnerability_in_Tomcat for OpenSSL and Java based workarounds.