
Vigil@nce - TLS: obtaining data size via HTTPS Bicycle

March 2016 by Vigil@nce

This bulletin was written by Vigil@nce: https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can analyze TLS sessions using the GCM mode, in order to guess the size of confidential data sent.

Impacted products: SSL protocol.

Severity: 2/4.

Creation date: 06/01/2016.

DESCRIPTION OF THE VULNERABILITY

The TLS protocol supports several "ciphers". For example:
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384

Those containing "GCM" use the Galois/Counter Mode, which is a stream cipher (and not a block cipher). The size of the encrypted message is thus the same as the size of the clear message. This property (weakness) has been known for several years. Note: RC4 is also a stream cipher, but its use is no longer recommended.

However, if the attacker captures TLS packets and knows part of the clear message, he can deduce the length of the unknown data. For example, the attacker can go to the authentication page of a web service with the same browser as the victim, in order to learn the length of the HTTP headers which are usually sent in the TLS session. Then, if he captures the victim's TLS session, he can obtain the size of the data sent in the authentication form, and thus guess the size of the victim's password.

An attacker can therefore analyze TLS sessions using the GCM mode, in order to guess the size of confidential data sent.
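
The length arithmetic described above, as an added example that is not part of the Vigil@nce bulletin: it reads only the TLS record headers of a constructed capture, then shows that padding the form field to a fixed width removes the signal. It assumes TLS 1.2 AES-GCM framing (8-byte explicit nonce plus 16-byte tag per record); the request, host name, helper names and padding scheme are hypothetical.

```python
import struct

# Assumption: TLS 1.2 AES-GCM (RFC 5288) adds an 8-byte explicit nonce and a
# 16-byte tag to every record, so ciphertext length = plaintext length + 24.
GCM_OVERHEAD = 8 + 16
APPLICATION_DATA = 23  # TLS record content type

def fake_gcm_record(plaintext_len):
    """Constructed stand-in for a captured record: real 5-byte header, dummy body.
    Only lengths matter here, so no encryption is performed."""
    body_len = plaintext_len + GCM_OVERHEAD
    return struct.pack("!BHH", APPLICATION_DATA, 0x0303, body_len) + b"\x00" * body_len

def visible_plaintext_len(stream):
    """Sum the plaintext sizes readable from cleartext record headers."""
    total, off = 0, 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            raise ValueError("truncated record")
        if ctype == APPLICATION_DATA:
            total += length - GCM_OVERHEAD
        off += 5 + length
    return total

def login_request(password, pad_to=None):
    """Constructed login request. pad_to models a hypothetical client that pads
    the field to a fixed width before sending."""
    field = password if pad_to is None else password.ljust(pad_to, "\x00")
    body = "user=alice&password=" + field
    head = ("POST /login HTTP/1.1\r\nHost: example.test\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode()

def leaked_length(password, pad_to=None):
    """Observed size minus the size of the same request with an empty field.
    Valid while the Content-Length value keeps the same number of digits."""
    capture = fake_gcm_record(len(login_request(password, pad_to)))
    return visible_plaintext_len(capture) - len(login_request("", pad_to))

if __name__ == "__main__":
    for pw in ("hunter2!", "correct horse"):
        print(len(pw), leaked_length(pw), leaked_length(pw, pad_to=32))
```
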

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...



