Vigil@nce - nginx: reusing SSL session
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can, in some configurations of nginx, obtain an access
to the session of another SSL user.
Impacted products: Debian, nginx, OpenBSD, Ubuntu
Severity: 2/4
Creation date: 16/09/2014
DESCRIPTION OF THE VULNERABILITY
The nginx product implements a web service.
It can be configured with "server" blocks containing the same
"ssl_session_cache" or "ssl_session_ticket_key" parameters. For
example (simplified):
ssl_session_ticket_key "/etc/ssl/ticket.key";
server ssl_session_cache shared:SSL:1m;
server ...
However, in this configuration, cached SSL sessions can be reused
for another client.
An attacker can therefore, in some configurations of nginx, obtain
an access to the session of another SSL user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/nginx-reusing-SSL-session-15357