SSL TLS attacks

From wiki.exploitpedia.org

Tools

Direct connection to the server

$ openssl s_client -connect $IP:443
$ openssl s_client -debug -connect $IP:443


sslyze

https://github.com/nabla-c0d3/sslyze

$ python -m sslyze --regular www.yahoo.com:443 www.google.com "[2607:f8b0:400a:807::2004]:443"


Build Windows executable:

C:\> python.exe setup_cx_freeze.py build_exe


testssl.sh

Testing TLS/SSL encryption anywhere on any port

Very detailed and accurate

$ testssl.sh https://$IP
$ testssl.sh --openssl=/usr/bin/openssl $IP:443


Shows PFS (Perfect Forward Secrecy) supported algorithms:

$ testssl.sh --openssl=/usr/bin/openssl -f $IP:443


Local tools

certutil. Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.

Shows installed certificates:

C:\> certutil
C:\> certutil -dump


ATTACKS

CRIME (2012)

CRIME is a compression side-channel attack against HTTPS.


BREACH (2013)

BREACH: Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext is a security exploit against HTTPS when HTTP compression is in use. It exploits the use of the gzip or DEFLATE data compression algorithms.

Mitigation: Do not use HTTP compression (gzip, DEFLATE).

POODLE (2014)

POODLE: "Padding Oracle On Downgraded Legacy Encryption" is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0.

CVSS 4.3

Mitigation: Do not use SSL 3.0

HEARTBLEED (2014)

Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed may be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension.

CVSS 5.0

Mitigation: Use OpenSSL version > 1.0.1g

Impact: Read server memory, compromising private keys, user passwords, etc.
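The missing bounds check described above is easiest to see in code. The following is an added example, not code from the page or from OpenSSL: it lays out a heartbeat message as RFC 6520 defines it (type, payload_length, payload, at least 16 bytes of padding) and makes the receiver compare the claimed payload_length against the bytes that actually arrived, discarding the message silently when it does not fit. The heartbeat messages used for testing are constructed.

```python
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16  # RFC 6520: every heartbeat message carries at least 16 bytes of padding


def build_heartbeat(payload):
    """Build a well-formed heartbeat_request body: type, length, payload, padding."""
    return (struct.pack("!BH", HEARTBEAT_REQUEST, len(payload))
            + payload
            + b"\x00" * MIN_PADDING)


def process_heartbeat(record_body):
    """Validate one heartbeat message and return the response body.

    Returns None when the message must be discarded. The two length checks
    are the ones the vulnerable OpenSSL releases lacked: they trusted the
    attacker-supplied payload_length and copied that many bytes out of the
    record buffer, however many bytes had actually been received.
    """
    # Not even room for type + length + minimum padding: discard.
    if len(record_body) < 1 + 2 + MIN_PADDING:
        return None
    msg_type, payload_length = struct.unpack("!BH", record_body[:3])
    if msg_type != HEARTBEAT_REQUEST:
        return None
    # The check that was missing: claimed payload plus the mandatory padding
    # must fit inside the bytes that are really present.
    if 1 + 2 + payload_length + MIN_PADDING > len(record_body):
        return None
    payload = record_body[3:3 + payload_length]
    # Echo exactly the received payload; the response gets its own padding.
    return (struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length)
            + payload
            + b"\x00" * MIN_PADDING)


if __name__ == "__main__":
    print(process_heartbeat(build_heartbeat(b"hello")))
    # Claims 65535 bytes of payload but carries only 5: dropped instead of answered.
    oversized = b"\x01\xff\xff" + b"hello" + b"\x00" * MIN_PADDING
    print(process_heartbeat(oversized))
```

With the check in place, a heartbeat that claims a 64 KB payload but arrives with only a few bytes is dropped rather than answered with whatever follows the request in memory; that is the whole content of the 1.0.1g fix.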


DROWN (2015)

DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption and is yet another SSLv2 vulnerability.

CVSS 4.3

Mitigation: Do not use SSL 2

SWEET32 (2016)

SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN (CVE-2016-2183 and CVE-2016-6329)

Mitigation: Do not use ciphers with a 64-bit block size; use a 128-bit block cipher such as AES instead.

Reference:


LUCKY13 (CVE-2013-0169)

Potentially vulnerable when cipher block chaining (CBC) ciphers are used with TLS.

BEAST

CVE-2011-3389

The Browser Exploit Against SSL/TLS attack was published in September 2011 and affects SSL 3.0 and TLS 1.0. An attacker can "decrypt" data exchanged between two parties by taking advantage of a vulnerability in the implementation of the Cipher Block Chaining (CBC) mode in TLS 1.0, which allows them to perform a chosen-plaintext attack.

As the name implies, this attack is performed client-side (browser) using the Man-in-the-Middle technique. Using MiTM, an attacker can inject packets into the TLS stream. This allows the attacker to guess the Initialization Vector used when XORing the message they injected, and then simply compare the results with those of the block they want to "decrypt".

Source: https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
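The following is an added example, not code from the wiki page or from any of the tools it lists. It ties the Tools section to this ATTACKS section: it parses the session summary that the `openssl s_client` command prints and maps the negotiated protocol, cipher, compression and secure-renegotiation status to the attacks above (DROWN, POODLE, CRIME, SWEET32, BEAST, LUCKY13) plus the PFS check that `testssl.sh -f` performs. The sample output is constructed to look like s_client's output, not captured from a real host, and the cipher-name token sets are assumptions based on OpenSSL's cipher-suite naming.

```python
import re

# Constructed sample of the tail of `openssl s_client -connect host:443` output.
# Not a capture from a real server; the values are chosen so that several
# of the checks below fire at once.
SAMPLE_S_CLIENT_OUTPUT = """\
---
SSL handshake has read 3451 bytes and written 415 bytes
Verification: OK
---
New, SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DES-CBC3-SHA
    Session-ID: 0A1B2C3D
"""

# Assumed token sets, based on OpenSSL names such as "ECDHE-RSA-AES128-GCM-SHA256".
BLOCK64_TOKENS = {"DES", "RC2", "IDEA", "BF"}                       # 64-bit block ciphers (SWEET32)
NON_CBC_TOKENS = {"GCM", "CCM", "CCM8", "CHACHA20", "RC4", "NULL"}  # AEAD or stream, so not CBC
PFS_TOKENS = {"ECDHE", "DHE", "EDH"}                                # ephemeral key exchange


def parse_s_client(output):
    """Extract protocol, cipher, compression and secure-renegotiation status."""
    def grab(pattern):
        m = re.search(pattern, output, re.MULTILINE)
        return m.group(1).strip() if m else None

    return {
        "protocol": grab(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": grab(r"^\s*Cipher\s*:\s*(\S+)"),
        "compression": grab(r"^Compression:\s*(.+)$") or "NONE",
        # s_client prints either "IS supported" or "IS NOT supported"
        "secure_renegotiation": "Secure Renegotiation IS supported" in output,
    }


def findings(session):
    """Map one negotiated session to the attacks and mitigations on this page."""
    out = []
    proto = session["protocol"] or ""
    tokens = set((session["cipher"] or "").split("-"))
    if proto == "SSLv2":
        out.append("DROWN: SSLv2 negotiated")
    if proto == "SSLv3":
        out.append("POODLE: SSLv3 negotiated")
    if session["compression"].upper() != "NONE":
        out.append("CRIME: TLS-level compression enabled")
    if proto == "TLSv1.3":
        return out  # no renegotiation, no CBC suites, PFS on every suite
    if not session["secure_renegotiation"]:
        out.append("renegotiation_info / SCSV not supported")
    if tokens & BLOCK64_TOKENS:
        out.append("SWEET32: 64-bit block cipher")
    is_cbc = not (tokens & NON_CBC_TOKENS)
    if is_cbc and proto in ("SSLv3", "TLSv1"):
        out.append("BEAST: CBC cipher with SSL 3.0/TLS 1.0")
    if is_cbc and proto.startswith("TLS"):
        out.append("LUCKY13: CBC cipher with TLS")
    if not (tokens & PFS_TOKENS):
        out.append("No PFS: key exchange is not ephemeral (EC)DHE")
    return out


if __name__ == "__main__":
    session = parse_s_client(SAMPLE_S_CLIENT_OUTPUT)
    print(session)
    for finding in findings(session):
        print(" -", finding)
```

Pipe real output in with `openssl s_client -connect $IP:443 </dev/null | python3 this_script.py` after replacing the sample with `sys.stdin.read()`; a TLS 1.3 session short-circuits most checks because the protocol has no renegotiation, no CBC suites and mandatory ephemeral key exchange, which is exactly the benefit list in the TLS 1.3 section below.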

LOGJAM

References:

Others

SAML

SAML: Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. As its name implies, SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). The single most important use case that SAML addresses is web browser single sign-on (SSO)

Attacks on SAML protocol:

TLS 1.3

Benefits:

  • Supports downgrade protection
  • No renegotiation
  • All algorithms support PFS (Perfect Forward Secrecy)


renegotiation_info extension

The renegotiation_info extension prevents renegotiation attacks (from another source). A client that does not send the extension signals the same thing by including the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signalling cipher suite value in its cipher suite list.
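To make the two signalling mechanisms concrete, and to show the downgrade protection listed under the TLS 1.3 benefits above, the following added example (not code from the page) builds a minimal ClientHello body, parses it back, and checks whether the client signalled secure renegotiation through the renegotiation_info extension (type 0xFF01) or through the SCSV (cipher suite value 0x00FF), whether it offered TLS-level compression, and whether a ServerHello random carries the TLS 1.3 downgrade sentinel (RFC 8446 section 4.1.3). The ClientHello layout follows the TLS 1.2 wire format; the builder and the byte values used in the test are constructed for illustration.

```python
import os
import struct

SCSV_RENEGOTIATION = 0x00FF   # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEGOTIATION_INFO = 0xFF01
# A TLS 1.3 server writes one of these into the last 8 bytes of ServerHello.random
# when it is made to negotiate an older version, so a TLS 1.3 client can detect it.
DOWNGRADE_TLS12 = bytes.fromhex("444F574E47524401")
DOWNGRADE_TLS11 = bytes.fromhex("444F574E47524400")


def build_client_hello(cipher_suites, compression_methods=(0,), extensions=()):
    """Assemble a ClientHello handshake body (no record or handshake header)."""
    body = struct.pack("!H", 0x0303) + os.urandom(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += bytes([len(compression_methods)]) + bytes(compression_methods)
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    return body


def parse_client_hello(body):
    """Parse the fields the checks below need; raises ValueError on truncation."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = struct.unpack("!H", take(2))[0]
    take(32)                                    # client random
    take(take(1)[0])                            # session id
    suites_len = struct.unpack("!H", take(2))[0]
    suites = [struct.unpack("!H", take(2))[0] for _ in range(suites_len // 2)]
    comp = list(take(take(1)[0]))
    extensions = {}
    if pos < len(body):
        end = pos + 2 + struct.unpack("!H", take(2))[0]
        while pos < end:
            ext_type, length = struct.unpack("!HH", take(4))
            extensions[ext_type] = take(length)
    return {"version": version, "cipher_suites": suites,
            "compression_methods": comp, "extensions": extensions}


def secure_renegotiation_signalled(hello):
    """True when the client sent renegotiation_info or the SCSV (either is enough)."""
    return (EXT_RENEGOTIATION_INFO in hello["extensions"]
            or SCSV_RENEGOTIATION in hello["cipher_suites"])


def offers_tls_compression(hello):
    """Any method other than 0 (null) is the TLS-level compression CRIME relies on."""
    return any(m != 0 for m in hello["compression_methods"])


def downgrade_sentinel(server_random):
    """Return which TLS 1.3 downgrade marker, if any, the server random carries."""
    tail = server_random[-8:]
    if tail == DOWNGRADE_TLS12:
        return "TLS 1.2"
    if tail == DOWNGRADE_TLS11:
        return "TLS 1.1 or below"
    return None


if __name__ == "__main__":
    hello = parse_client_hello(build_client_hello([0xC02F, SCSV_RENEGOTIATION]))
    print("secure renegotiation signalled:", secure_renegotiation_signalled(hello))
    print("offers compression:", offers_tls_compression(hello))
    print("downgrade sentinel:", downgrade_sentinel(b"\x00" * 24 + DOWNGRADE_TLS12))
```

A server that sees neither the extension nor the SCSV should refuse renegotiation with that client; a TLS 1.3 client that sees the sentinel in a TLS 1.2 ServerHello must abort, which is how TLS 1.3 turns a forced version downgrade into a handshake failure instead of a silently weaker connection.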