News
Vigil@nce: SSL, TLS, obtaining HTTPS Cookies via Deflate
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who can control HTTPS connections of victim’s web
browser, can use several SSL sessions compressed with Deflate in
order to compute HTTP headers, such as cookies.
– Impacted products: Firefox, SSL/TLS
– Severity: 1/4
– Creation date: 14/09/2012
DESCRIPTION OF THE VULNERABILITY
The RFC 3749 adds the support for data compression, before
encrypting them with SSL/TLS.
The Deflate compression algorithm replaces duplicate patterns by a
reference. For example:
hello mister hello madam
is compressed to:
hello mister [reference] madam
So, the compression of a pattern already found is shorter than the
compression of a pattern not yet seen. This difference in size
thus indicates if the second pattern was already seen.
HTTP cookies are for example like:
Cookie: secret=1234
If the attacker adds "Cookie: secret=1234" later in the HTTP body,
the compressed string will be shorter than if he added "Cookie:
secret=5678" in the body. This difference in size thus allow the
cookie to be guessed, character by character, using a brute force.
An attacker, who can control HTTPS connections of victim’s web
browser, can therefore use several SSL sessions compressed with
Deflate in order to compute HTTP headers, such as cookies.
This attack requires that the web browser supports the RFC 3749.
This is not the case of Internet Explorer, Opera and Safari.
However, Chrome and Firefox may be vulnerable (precise versions
are not yet known).
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SSL-TLS-obtaining-HTTPS-Cookies-via-Deflate-11952
