Actu
Vigil@nce - Mozilla NSS: disabling Forward Secrecy of ECDHE_ECDSA
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-middle on an ECDHE_ECDSA
exchange with a Mozilla NSS client, in order to disable the
Forward Secrecy, which may ease the session decryption.
Impacted products: Debian, NSS, RHEL.
Severity: 1/4.
Creation date: 18/08/2015.
DESCRIPTION OF THE VULNERABILITY
The TLS protocol uses a series of messages which have to be
exchanged between the client and the server, before establishing a
secured session.
During an ECDHE_ECDSA exchange, if the server does not send the
ServerKeyExchange message, the TLS client must abort the
handshake. However, NSS accepts it, and it uses the EC key from
the ECDSA certificate, which prevents Forward Secrecy.
This vulnerability is a variant of VIGILANCE-VUL-16300.
An attacker can therefore act as a Man-in-the-middle on an
ECDHE_ECDSA exchange with a Mozilla NSS client, in order to
disable the Forward Secrecy, which may ease the session decryption.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Mozilla-NSS-disabling-Forward-Secrecy-of-ECDHE-ECDSA-17695
