
Vigil@nce - TLS: obtaining data size via HTTPS Bicycle

March 2016 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can analyze TLS sessions using the GCM mode, in order
to guess the size of confidential data sent.

Impacted products: SSL protocol.

Severity: 2/4.

Creation date: 06/01/2016.

DESCRIPTION OF THE VULNERABILITY

The TLS protocol supports several "ciphers". For example:
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
 ECDHE-ECDSA-AES256-SHA384
 ECDHE-RSA-AES256-SHA384

Those containing "GCM" use the Galois/Counter Mode, which operates
as a stream cipher (and not as a block cipher). The size of the
encrypted message is thus the same as the size of the clear message.
This property (weakness) has been known for several years. Note: RC4
is also a stream cipher, but its use is no longer recommended.

However, if the attacker captures TLS packets and knows part of
the clear message, he can deduce the length of the unknown data. For
example, the attacker can go to the authentication page of a web
service with the same browser as the victim, in order to learn
the length of the HTTP headers which are usually sent in the TLS
session. Then, if he captures the victim's TLS session, he can
obtain the size of the data sent in the authentication form, and thus
guess the size of the victim's password.

An attacker can therefore analyze TLS sessions using the GCM mode,
in order to guess the size of confidential data sent.
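
The size relationship described above, as an added example that is not part of the Vigil@nce bulletin: it models TLS 1.2 record sizes for the GCM and CBC-SHA384 suites listed earlier and shows which secret lengths stay consistent with one observed record. Assumptions: minimal CBC padding, the whole request in a single record, and a constructed login request whose host, path and field names are hypothetical.

```python
# Added example: models TLS 1.2 record sizes only; no real encryption is performed.
GCM_EXPLICIT_NONCE = 8   # bytes sent with each AES-GCM record (RFC 5288)
GCM_TAG = 16             # authentication tag
CBC_IV = 16              # explicit per-record IV in TLS 1.2
CBC_MAC = 48             # HMAC-SHA384 output
AES_BLOCK = 16

def gcm_record_len(plaintext_len):
    """Encrypted fragment length for an AES-GCM suite: plaintext plus a constant."""
    return GCM_EXPLICIT_NONCE + plaintext_len + GCM_TAG

def cbc_record_len(plaintext_len):
    """Encrypted fragment length for an AES-CBC-SHA384 suite (minimal padding assumed)."""
    body = plaintext_len + CBC_MAC + 1           # +1 for the padding-length byte
    padded = -(-body // AES_BLOCK) * AES_BLOCK   # round up to a whole AES block
    return CBC_IV + padded

def login_request(password):
    """Constructed sample request; host, path and field names are hypothetical."""
    body = "user=alice&password=" + password
    head = ("POST /login HTTP/1.1\r\nHost: app.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode()

def candidate_lengths(observed, record_len, max_len=64):
    """Secret lengths that would produce the observed record size."""
    return [n for n in range(max_len + 1)
            if record_len(len(login_request("x" * n))) == observed]

def exposure(password):
    """Return (GCM candidates, CBC candidates) for one constructed password."""
    n = len(login_request(password))
    return (candidate_lengths(gcm_record_len(n), gcm_record_len),
            candidate_lengths(cbc_record_len(n), cbc_record_len))

if __name__ == "__main__":
    gcm, cbc = exposure("Winter2016pwd")   # constructed 13-character value
    print("GCM suite, consistent lengths:", gcm)
    print("CBC suite, consistent lengths:", cbc)
```

With the GCM suite a single length remains, while the CBC suite only narrows it to a window of up to 16 values; the window is coarser, not a protection.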

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/TLS-obtaining-data-size-via-HTTPS-Bicycle-18648

