SSL/TLS Vector Vulnerability

Discuss the many weaknesses of browser security and ways to mitigate the threat

Post by TerrZo on Sun Jun 17, 2012 1:33 am

Hello, I really hope this post goes here! If not, then I'm sorry.

Well, the thing is... I run a site which I thought was perfectly secure. Then I decided to scan it with Nessus. The results were:

Description: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system.

Description: The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

Description: The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Description: The remote host is running Oracle Application Server.

By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the directory '/dav_portal/portal'.

Description: The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.

Since I know how MiTM attacks work, I was wondering how it is possible to perform attacks such as those exploit/web based. I don't know how non-MiTM attacks in this report work. Can someone help me to learn how these attacks are performed?
TerrZo
New User
Posts: 2
Joined: Sun Jun 17, 2012 1:23 am


Re: SSL/TLS Vector Vulnerability

Post by anarchy420x on Sun Jun 17, 2012 3:23 am

TerrZo wrote:
Hello, I really hope this post goes here! If not, then I'm sorry.

Well, the thing is... I run a site which I thought was perfectly secure. Then I decided to scan it with Nessus. The results were:

Description: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system.

Description: The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

Description: The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Description: The remote host is running Oracle Application Server.

By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the directory '/dav_portal/portal'.

Description: The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.

Since I know how MiTM attacks work, I was wondering how it is possible to perform attacks such as those exploit/web based. I don't know how non-MiTM attacks in this report work. Can someone help me to learn how these attacks are performed?


I'm going to be honest, Anon; I have issues with the way this was written. You started out talking about how you thought your website was perfectly secure, but it wasn't. Then you list a series of descriptions about possible attacks and then ask how to perform said attacks.

Now Anon, don't mistake me. I do not attack your character or who you are, but I question the legitimacy of your post.
You see Anon, you didn't give us a link to your website. I understand, you don't want us trying to "hack" your website. You fear the "hackers" whom you want to help you.
You didn't ask for help on preventing the attacks, or how to fix the issues laid out for our eyes. You didn't ask any questions about the issues so you could learn for yourself how to prevent attacks. You didn't ask for any resources to try and find the information.

You, Anon, simply asked how to perform an attack. Had you worded this better, you might have gotten a better answer.

Good luck and may someone else be kinder than I.
A broken clock is right twice a day, however, I am neither up that early nor up that late...
anarchy420x
Poster
Posts: 279
Joined: Thu Oct 16, 2008 12:43 am


Re: SSL/TLS Vector Vulnerability

Post by LoGiCaL__ on Sun Jun 17, 2012 1:24 pm

TerrZo wrote:
Hello, I really hope this post goes here! If not, then I'm sorry.

Description: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system.



http://www.sophos.com/en-us/support/knowledgebase/116636.aspx

TerrZo wrote:
Description: The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.


http://wirespeed.xs4all.nl/mediawiki/index.php/The_remote_webserver_supports_the_TRACE_and/or_TRACK_methods

TerrZo wrote:
Description: The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.


http://shalb.com/kb/entry/31705/

TerrZo wrote:
Description: The remote host is running Oracle Application Server.

By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the directory '/dav_portal/portal'.


http://shalb.com/kb/entry/32479/

TerrZo wrote:
Description: The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.


http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555

While I tend to agree with anarchy420x here, I provided some links with some information. Hopefully you will be able to find what you are looking for.
LoGiCaL__
Addict
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm


Re: SSL/TLS Vector Vulnerability

Post by TerrZo on Sun Jun 17, 2012 1:35 pm

Hello, as you said, I'm trying not to post my website to prevent some things. First, I'm really new to these forums and I'm starting to trust this community. Second, I have some buddies at work; as I said, I run the site, it is not mine, and I'm afraid they could think wrong if they see this kind of post. Maybe it is something "I must know" as the web runner.
I might not have been clear; of course I want information or any resource so I can learn as much as I can. I think I've solved the issues as Nessus said; Nessus puts some links below to "prevent these attacks" and I followed those steps. That's why I didn't come here to ask how to solve them, since I think they are already solved.

Thanks for your answer anyways! I know, I should've been more clear.

Thanks for your answer too LoGiCaL__, I will follow those links.
TerrZo
New User
Posts: 2
Joined: Sun Jun 17, 2012 1:23 am
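
Added example, not part of any post in this thread: one way to re-check two of the Nessus findings quoted above (anonymous SSL ciphers and the TRACE method) after remediation. The function names, the sample cipher listing (in the column format printed by `openssl ciphers -v`), the sample HTTP responses and the host `www.example.test` are all constructed for illustration.

```python
import re

# Constructed sample: suites a server accepted, in `openssl ciphers -v` column format.
ACCEPTED_SUITES = """\
AES256-SHA              SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH   Au=None Enc=AES(256)  Mac=SHA1
AECDH-AES128-SHA        SSLv3 Kx=ECDH Au=None Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# Constructed raw responses to a TRACE request: before and after the fix.
TRACE_ECHOED = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                b"TRACE / HTTP/1.1\r\nHost: www.example.test\r\n\r\n")
TRACE_REFUSED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"


def anonymous_suites(cipher_listing):
    """Return names of suites whose authentication column is Au=None."""
    found = []
    for line in cipher_listing.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        if attrs.get("Au") == "None":
            found.append(fields[0])
    return found


def trace_enabled(raw_response):
    """True when TRACE was answered with 2xx and the request was echoed back."""
    head, _, body = raw_response.partition(b"\r\n\r\n")
    m = re.match(rb"HTTP/\d\.\d (\d{3})", head)
    if not m:
        raise ValueError("not an HTTP response")
    echoed = b"content-type: message/http" in head.lower() or body.startswith(b"TRACE ")
    return 200 <= int(m.group(1)) < 300 and echoed


def recheck(cipher_listing, trace_response):
    """Return the findings that are still open after remediation."""
    findings = {}
    anon = anonymous_suites(cipher_listing)
    if anon:
        findings["anonymous-ciphers"] = anon
    if trace_enabled(trace_response):
        findings["http-trace"] = True
    return findings
```

An empty result from `recheck` means neither finding reproduces on the supplied data; the SSL 3.0/TLS 1.0, Oracle Application Server and renegotiation findings are not covered by this check.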


Re: SSL/TLS Vector Vulnerability

Post by anarchy420x on Mon Jun 18, 2012 1:57 am

You know, Logical, it's really hard to help people because of the way they post things. I think that the Disclaimer should be put in a place that stands out more. I honestly didn't see it myself until it was pointed out in a thread I was reading.

Maybe make it a pop up for the first 2 or 3 posts to make sure the message gets across.
A broken clock is right twice a day, however, I am neither up that early nor up that late...
anarchy420x
Poster
Posts: 279
Joined: Thu Oct 16, 2008 12:43 am


