On 03/31/2010 04:45 PM, Kai Engert:
====== snip quote begin ======
E.g., the attacker would send:
GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1
X-Ignore-This:
And the server uses the victim's account to send a pizza to the attacker.
======= snip quote end =======
This attack is highly theoretical beyond belief, especially the
X-Ignore-This-and-That headers. It has no real and practical value
whatsoever. Here are some interesting observations and opinions by others:
http://blogs.technet.com/srd/archive/2010/02/09/details-on-the-new-tls-advisory.aspx
>> Any renegotiation attempt to the client will be ignored and no data is
>> leaked.
> Even if the client rejects all incoming requests for renegotiation,
> the client has already sent out its credentials as part of a HTTP/SSL
> request. Yes, the credentials are not being directly leaked to the
> attacker, but that's not necessary.
Of course this is necessary, and the Twitter attack worked exactly and
only because data was leaked from the client. Basically, if the client
doesn't leak any data (which it shouldn't when implementing RFC 5746),
the attack is not possible (except for very bad coding of the
application layer, but that doesn't count).
> The credentials will be combined with an arbitrary request chosen by
> the attacker, as illustrated above.
If that attack works, no renegotiation would be necessary; such a site
would be vulnerable by simpler means, and it would probably work in any case.
> Effectively, the attacker can execute a request on behalf of the user,
> without needing to know the user's credentials.
Your assumptions are wrong and the whole thing is over-hyped as I
mentioned in the bug.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
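The splice the two messages argue about, as an added example that is not part of the thread and not code from Mozilla, StartCom or either author: it models, without any real TLS, what the server's HTTP parser sees when bytes sent by the attacker before a renegotiation and bytes sent by the victim after it are treated as one stream, versus a server that applies the RFC 5746 check (the ClientHello's renegotiation_info must equal the client_verify_data of the previous handshake). The request bytes, the 12-byte verify_data value, the host name and the cookie value are all constructed for the illustration.

```python
import hmac

# Constructed sample data for the illustration (not taken from the thread).
ATTACKER_PREFIX = (
    b"GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1\r\n"
    b"Host: pizza.example\r\n"
    b"X-Ignore-This: "  # deliberately no CRLF: the victim's request line lands in this header's value
)
VICTIM_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: pizza.example\r\n"
    b"Cookie: session=victim-session-token\r\n"
    b"\r\n"
)
# client_verify_data from the attacker's own handshake with the server (constructed, 12 bytes).
ATTACKER_CLIENT_VERIFY_DATA = bytes(range(12))
# The victim believes it is doing an initial handshake, so its renegotiation_info
# extension carries an empty renegotiated_connection field (RFC 5746 section 3.4).
VICTIM_RENEGOTIATION_INFO = b""


def parse_http_request(raw):
    """Minimal HTTP/1.1 head parser: returns (method, target, headers) with lower-cased names."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return method.decode(), target.decode(), headers


def server_accepts_renegotiation(expected_verify_data, client_renegotiation_info):
    """RFC 5746 section 3.7: on a renegotiation the server accepts the ClientHello only if
    renegotiated_connection equals the client_verify_data of the previous handshake."""
    return hmac.compare_digest(expected_verify_data, client_renegotiation_info)


def legacy_server_view(prefix, victim):
    """Server without RFC 5746: bytes before and after the renegotiation are one stream,
    so the attacker's prefix and the victim's request are parsed as a single request."""
    return parse_http_request(prefix + victim)


def rfc5746_server_view(prefix, victim, expected_verify_data, client_renegotiation_info):
    """Server with RFC 5746: the victim's ClientHello is not bound to the attacker's handshake,
    so the renegotiation is refused and the buffered prefix never completes into a request."""
    if not server_accepts_renegotiation(expected_verify_data, client_renegotiation_info):
        return None  # handshake_failure; the connection and its partial prefix are dropped
    return parse_http_request(prefix + victim)


if __name__ == "__main__":
    method, target, headers = legacy_server_view(ATTACKER_PREFIX, VICTIM_REQUEST)
    print("legacy server executes:", method, target)
    print("  with the victim's cookie:", headers["cookie"])
    print("  victim's own request line swallowed into:", headers["x-ignore-this"])
    print("RFC 5746 server:", rfc5746_server_view(ATTACKER_PREFIX, VICTIM_REQUEST,
                                                  ATTACKER_CLIENT_VERIFY_DATA,
                                                  VICTIM_RENEGOTIATION_INFO))
```

The spliced request carries the attacker's request line and the victim's Cookie header, while the victim's own request line survives only as the value of X-Ignore-This; that is the combination Kai's example describes, and it needs no knowledge of the cookie value. With the RFC 5746 check the renegotiation is refused before any application-layer parsing happens, which is the sense in which the client's data is no longer combined with the attacker's prefix.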