Vigil@nce - NSS: accepting short DHE keys
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When an SSL/TLS server uses a short DHE key, an attacker who
captured the session can decrypt it more easily.
Severity: 1/4
Creation date: 02/11/2010
DESCRIPTION OF THE VULNERABILITY
The NSS (Network Security Services) library implements SSL/TLS.
An attacker located between the client and the server, who knows the
server's secret key, can decrypt an SSL/TLS session.
The EDH/DHE (Ephemeral Diffie-Hellman) algorithm is used to
compute a new key only known by the client and the server, so the
intermediate attacker cannot decrypt the session.
However, if the SSL/TLS server uses a short DHE key (8 bits, for
example), the NSS client does not reject it. The DHE protection can
thus be bypassed by brute force (256 cases to test, in this example).
When an SSL/TLS server uses a short DHE key, an attacker who
captured the session can therefore decrypt it more easily. Note
that the server has no legitimate reason to use a short key, so this
vulnerability stems in the first place from a server error.
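The defensive counterpart of the issue described above is a client that inspects the ServerDHParams it receives and aborts the handshake when the modulus is too short. The following is an added illustration written for this bulletin, not code from NSS or from Vigil@nce: it parses the dh_p/dh_g/dh_Ys vectors of a TLS ServerKeyExchange body, applies a policy floor on the modulus size (the 2048-bit value, the function names and the sample parameters are assumptions for the example), and shows, on a toy 8-bit group only, how few candidates the search over the exponent space needs, which is the "256 cases to test" figure from the text.

```python
"""Added illustration (not NSS code): client-side sanity check of the DHE
parameters a TLS server sends, plus the tiny search a short group allows.
Policy values and sample data are constructed for this example."""
import struct

# Assumed policy floor for the DH modulus. The bulletin does not state
# NSS's own threshold; 2048 bits is a common modern minimum.
MIN_DH_MODULUS_BITS = 2048


def _read_vector16(buf, off):
    """Read one TLS opaque<1..2^16-1> vector (2-byte length prefix)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n


def parse_server_dh_params(buf):
    """Parse ServerDHParams {dh_p, dh_g, dh_Ys} from a ServerKeyExchange body.

    Returns the three values as integers plus whatever follows them (for
    DHE_RSA that is the server's signature, which this example does not verify).
    """
    p, off = _read_vector16(buf, 0)
    g, off = _read_vector16(buf, off)
    ys, off = _read_vector16(buf, off)
    return {
        "p": int.from_bytes(p, "big"),
        "g": int.from_bytes(g, "big"),
        "Ys": int.from_bytes(ys, "big"),
        "rest": buf[off:],
    }


def encode_server_dh_params(p, g, ys):
    """Build the same structure; used here only to construct sample input."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def check_dh_params(params, min_bits=MIN_DH_MODULUS_BITS):
    """Return the reasons to abort the handshake; an empty list means accept.

    A real client would additionally require a known-good group or test p for
    primality; the bit-length floor alone already rejects the case in the text.
    """
    p, g, ys = params["p"], params["g"], params["Ys"]
    problems = []
    if p.bit_length() < min_bits:
        problems.append(f"modulus is {p.bit_length()} bits, below policy minimum {min_bits}")
    if p % 2 == 0:
        problems.append("modulus is even, cannot be prime")
    if not 2 <= g <= p - 2:
        problems.append("generator out of range")
    if not 2 <= ys <= p - 2:
        problems.append("server public value out of range")
    return problems


def search_exponent(p, g, y, limit_bits=24):
    """Exhaustive search for x with g^x = y (mod p), i.e. the 'cases to test'.

    Refuses anything beyond a toy-sized modulus: the point is to show that an
    8-bit group needs at most a few hundred candidates, not to attack real ones.
    Returns (exponent, candidates tried).
    """
    if p.bit_length() > limit_bits:
        raise ValueError("search only demonstrated on toy-sized groups")
    for x in range(1, p):
        if pow(g, x, p) == y:
            return x, x  # x candidates were tried, starting at 1
    return None, p - 1


if __name__ == "__main__":
    # Constructed sample: an 8-bit prime modulus like the one in the bulletin.
    short = parse_server_dh_params(encode_server_dh_params(251, 2, pow(2, 77, 251)))
    print("8-bit group :", check_dh_params(short))
    print("exponent search:", search_exponent(251, 2, short["Ys"]))
    # Constructed sample: a 2048-bit odd modulus (bit length only, not a real prime).
    big_p = (1 << 2047) | 1
    ok = parse_server_dh_params(encode_server_dh_params(big_p, 2, pow(2, 12345, big_p)))
    print("2048-bit group:", check_dh_params(ok) or "accepted")
```

The check belongs in the client, not only the server: the bulletin notes the server has no legitimate reason to send a short key, but it is the client that decides whether to complete a handshake it cannot trust.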
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/NSS-accepting-short-DHE-keys-10090