Vigil@nce - F5 BIG-IP : Man-in-the-Middle of Finished Message
août 2015 par Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can perform a Man-in-the-Middle on F5 BIG-IP, in order
to read or alter TLS session data.
Impacted products : BIG-IP Hardware, TMOS.
Severity : 1/4.
Creation date : 12/08/2015.
DESCRIPTION OF THE VULNERABILITY
The SSL-VPN feature of the F5 BIG-IP product uses the TLS protocol.
However, only the first and the last byte of the MAC of the TLS
Handshake Finished Message is checked.
Note : F5 says this behavior is normal.
An attacker can therefore perform a Man-in-the-Middle on F5
BIG-IP, in order to read or alter TLS session data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/F5-BIG-IP-Man-in-the-Middle-of-Finished-Message-17652