lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20091221130432.GB23192@otis.atalante.redteam-pentesting.de>
Date: Mon, 21 Dec 2009 14:04:32 +0100
From: RedTeam Pentesting GmbH <release@...team-pentesting.de>
To: full-disclosure@...ts.grok.org.uk
Subject: TLS Renegotiation Vulnerability: Proof of Concept
	Code (Python)

Information about a vulnerability in the TLS protocol was published in the
beginning of November 2009. Attackers can take advantage of that vulnerability
to inject arbitrary prefixes into a network connection protected by TLS. This
can result in severe vulnerabilities, depending on the application layer
protocol used over TLS.

RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept
code that exploits this vulnerability. It is published at

http://www.redteam-pentesting.de/publications/tls-renegotiation

to raise awareness for the vulnerability and its potential impact. Furthermore,
it shall give interested persons the opportunity to analyse applications
employing TLS for further vulnerabilities.

-- 
RedTeam Pentesting GmbH                    Tel.: +49 241 963-1300
Dennewartstr. 25-27                        Fax : +49 241 963-1304
52068 Aachen                    http://www.redteam-pentesting.de/
Germany                         Registergericht: Aachen HRB 14004
Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ