Vigil@nce - PolarSSL: accepting a certificate with a CA not authorized for server
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious certificate, which is accepted
as valid by PolarSSL, in order to invite the victim to connect to
a server setup as a Man-in-the-Middle.
– Impacted products: Unix (platform)
– Severity: 2/4
– Creation date: 04/04/2014
DESCRIPTION OF THE VULNERABILITY
The PolarSSL library implements the SSL/TLS protocol. It has to
perform checks on X.509 certificates.
However, this library accepts a certificate not authorized to be
used for server authentication.
An attacker can therefore create a malicious certificate, which is
accepted as valid by PolarSSL, in order to invite the victim to
connect to a server setup as a Man-in-the-Middle.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN