Vigil@nce - Windows: information disclosure via Schannel
May 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in a Man-in-the-Middle position can force the Windows
Schannel client to accept a weak algorithm, making it easier to
capture or alter exchanged data.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2,
Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows
Vista
Severity: 1/4
Creation date: 12/05/2015
DESCRIPTION OF THE VULNERABILITY
The SChannel (Secure Channel) SSP implements the SSL and TLS
protocols, which are used to authenticate the client/server and to
create a secured tunnel.
The TLS protocol uses a series of messages which have to be
exchanged between the client and the server before a secured
session is established. Several cryptographic algorithms can be
negotiated. However, Schannel accepts Diffie-Hellman Ephemeral
keys of only 512 bits.
An attacker in a Man-in-the-Middle position can therefore force
the Windows Schannel client to accept a weak algorithm, making it
easier to capture or alter exchanged data.
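The client-side check whose absence is described above, as an added example that is not part of the Vigil@nce bulletin or of Schannel: it parses the Diffie-Hellman parameters from a TLS ServerKeyExchange handshake message and rejects a prime below a minimum size. The 2048-bit floor, the function names and the sample messages are assumptions made for this example.

```python
import struct

MIN_DH_BITS = 2048  # assumed policy floor for this example; not taken from the bulletin
SERVER_KEY_EXCHANGE = 12  # TLS handshake message type


def read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte length, then that many bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("bad vector length")
    return int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n


def parse_server_dh_params(msg):
    """Return (p, g, Ys) from a DHE ServerKeyExchange handshake message."""
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    p, off = read_vec16(body, 0)
    g, off = read_vec16(body, off)
    ys, _ = read_vec16(body, off)  # the signature that follows is not needed here
    return p, g, ys


def check_dh_group(msg, min_bits=MIN_DH_BITS):
    """Return (acceptable, prime_bits); reject short primes and degenerate Ys."""
    p, g, ys = parse_server_dh_params(msg)
    bits = p.bit_length()
    ok = bits >= min_bits and 1 < ys < p - 1
    return ok, bits


def build_sample(p_bits):
    """Constructed message: p is only a number of the right size, not a real prime."""
    def vec(n):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack(">H", len(raw)) + raw
    body = vec((1 << (p_bits - 1)) | 1) + vec(2) + vec(5)
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for size in (512, 2048):
        print(size, check_dh_group(build_sample(size)))
```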
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-information-disclosure-via-Schannel-16896