Date: Mon, 21 Dec 2009 12:16:16 -0800
From: "Barry Raveendran Greene" <>
To: "'RedTeam Pentesting GmbH'" <>,
Subject: RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

Also, can you change this:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF
draft standard that addresses the vulnerability."

to:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF TLS
Working Group draft that addresses the vulnerability."

Where "IETF TLS Working Group" is hyperlinked to

That would help people who do not have a clue who the IETF or the TLS WG are,
or that both are open standards forums.



> -----Original Message-----
> From: RedTeam Pentesting GmbH []
> Sent: Monday, December 21, 2009 5:04 AM
> To:
> Subject: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
>
> Information about a vulnerability in the TLS protocol was published in the
> beginning of November 2009. Attackers can take advantage of that vulnerability
> to inject arbitrary prefixes into a network connection protected by TLS. This
> can result in severe vulnerabilities, depending on the application layer
> protocol used over TLS.
>
> RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept
> code that exploits this vulnerability. It is published at
> to raise awareness for the vulnerability and its potential impact. Furthermore,
> it shall give interested persons the opportunity to analyse applications
> employing TLS for further vulnerabilities.
> --
> RedTeam Pentesting GmbH                    Tel.: +49 241 963-1300
> Dennewartstr. 25-27                        Fax : +49 241 963-1304
> 52068 Aachen          
> Germany                         Registergericht: Aachen HRB 14004
> Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
