Vigil@nce - Asterisk: Man-in-the-middle via null Common Name
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-middle using a null Common
Name, in order to capture data belonging to the SIP session of
Asterisk.
– Impacted products: Asterisk Open Source, MBS
– Severity: 2/4
– Creation date: 09/04/2015
DESCRIPTION OF THE VULNERABILITY
The Asterisk product can connect to a service protected by TLS.
In this case, it checks the certificate presented by the server.
However, Asterisk truncates the Common Name of the X.509
certificate after the first null ('\0') character. So, a
certificate whose Common Name is
"www.server.com\x00www.example.com" is accepted as being the
certificate for "www.server.com".
An attacker can therefore act as a Man-in-the-middle using a null
Common Name, in order to capture data belonging to the SIP session
of Asterisk.
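The truncation described above, shown as an added example (not Asterisk's own code and not part of the original bulletin): a comparison that treats the Common Name as a C string, beside one that uses the encoded length and rejects embedded nulls. The struct cn_value and both function names are hypothetical; the sample values are constructed from the bulletin's example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for an X.509 name value: certificates carry
 * length-prefixed byte strings, not NUL-terminated C strings. */
struct cn_value {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: the CN is handled as a C string, so the comparison
 * stops at the first NUL byte and ignores everything after it. */
int cn_matches_truncating(const struct cn_value *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened pattern: refuse any CN containing NUL, require the encoded
 * length to equal the host name length, then compare every byte. */
int cn_matches_strict(const struct cn_value *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (cn->len != hlen)
        return 0;
    return strncasecmp((const char *)cn->data, host, hlen) == 0;
}

/* Constructed sample values (the first is the bulletin's example). */
static const unsigned char CN_NULL[] = "www.server.com\0www.example.com";
static const unsigned char CN_OK[] = "www.server.com";
static const struct cn_value cn_with_null = { CN_NULL, sizeof(CN_NULL) - 1 };
static const struct cn_value cn_clean = { CN_OK, sizeof(CN_OK) - 1 };

int main(void)
{
    const char *host = "www.server.com";

    printf("truncating, CN with null: %d\n", cn_matches_truncating(&cn_with_null, host));
    printf("strict,     CN with null: %d\n", cn_matches_strict(&cn_with_null, host));
    printf("strict,     clean CN:     %d\n", cn_matches_strict(&cn_clean, host));
    return 0;
}
```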
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Asterisk-Man-in-the-middle-via-null-Common-Name-16566