Wednesday, 4 December 2013

SSL/TLS use of Weak RC4 cipher - Validating the Findings

Results from Qualys Scan

-SSL/TLS use of weak RC4 cipher

Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features.

SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical.

The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis.

If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user who's cookie was recovered.

This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from ciphertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie.

RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, newer versions of TLSv addressed these issues.

Validating the Findings

Using SSLscan

#sslscan --no-failed <IP>

Using Nmap

#nmap --script ssl-enum-ciphers -p 443 <IP>

Using SSLAudit.exe

No comments:

Post a Comment