Vigil@nce - TLS: RC4 decryption via Bar Mitzvah Attack
May 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the Bar Mitzvah Attack on TLS, in order to
obtain sensitive information encrypted by RC4.
– Impacted products: Black Diamond, ExtremeXOS, Summit, AIX, Tivoli
Workload Scheduler, WebSphere MQ, SSL/TLS, RHEL
– Severity: 2/4
– Creation date: 27/03/2015
DESCRIPTION OF THE VULNERABILITY
During the initialization of a TLS session, the client and the
server negotiate cryptographic algorithms. The RC4 algorithm can
be chosen to encrypt data.
For some weak keys (one over 2^24), the Invariance Weakness can be
used to predict the two LSB (Least Significant Bit) of the 100
first bytes encrypted with RC4. The first TLS message is
"Finished" (36 bytes), thus an attacker can predict LSBs of 64
bytes.
An attacker can therefore use the Bar Mitzvah Attack on TLS, in
order to obtain sensitive information encrypted by RC4.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TLS-RC4-decryption-via-Bar-Mitzvah-Attack-16486