Vigil@nce: SSL, creating a fake certification authority
January 2009 by Vigil@nce
An attacker with significant resources can create a fake
intermediary certification authority using an MD5 hash.
– Gravity: 1/4
– Consequences: data flow
– Provenance: internet server
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: low (1/3)
– Creation date: 16/01/2009
IMPACTED PRODUCTS
– Cisco IOS
– Cisco PIX/ASA Software
– Lotus Notes
– Maxthon
– Microsoft Internet Explorer
– Microsoft Windows - platform
– Mozilla Firefox
– Mozilla SeaMonkey
– Mozilla Suite
– Netscape Browser
– Netscape Communicator
– Netscape Navigator
– Opera
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
At the end of 2008 (VIGILANCE-ACTU-1377), using a cluster of 200
game consoles, researchers used a collision on MD5 to create a
fake certification authority recognized by all browsers.
Here is a description of the attack:
– The attacker chooses a Certification Authority (CA) using MD5
signatures (RapidSSL, FreeSSL, TC TrustCenter AG, RSA Data
Security, Thawte, verisign.co.jp).
– The attacker requests a certificate for a web site from this CA.
This initial certificate is thus signed with MD5.
– The attacker alters this certificate to transform it into an
Intermediary Certification Authority (IAC), and then uses an MD5
collision to ensure it has the same MD5 hash as the initial
certificate.
– The attacker uses the IAC to generate a web site certificate
(WS).
– The attacker sets up a malicious web site, presenting
certificates for the WS and the IAC.
– The victim connects to the web site. His web browser contains
the root certificate of the CA, which authenticates the IAC and
then the WS.
No error message is displayed in the victim's browser, and the
victim can then trust the attacker's web site.
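As an added example (not part of the Vigil@nce advisory), the Python code below shows a defensive check for the condition this attack depends on: it reads the outer signatureAlgorithm of each certificate a server presents and reports those signed with MD5, which is where the forged IAC described above would appear. The function names and the DER skeletons used as sample input are constructed for illustration.

```python
# Added example: report MD5-signed certificates in a presented chain (stdlib only).
MD5_RSA_OID = bytes.fromhex("2a864886f70d010104")   # md5WithRSAEncryption, 1.2.840.113549.1.1.4
SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")  # sha1WithRSAEncryption, used for contrast

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def signature_oid(cert_der):
    """OID bytes of the outer signatureAlgorithm in Certificate ::= SEQUENCE {tbs, alg, sig}."""
    tag, body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _, pos = read_tlv(body, 0)           # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(body, pos)   # AlgorithmIdentifier
    oid_tag, oid, _ = read_tlv(alg, 0)
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return oid

def md5_signed(chain):
    """Indexes (leaf first) of certificates whose signature uses MD5."""
    return [i for i, der in enumerate(chain) if signature_oid(der) == MD5_RSA_OID]

# --- Constructed sample input: DER skeletons, NOT real certificates ---
def tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def skeleton(oid, tbs_len=10):
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, bytes(tbs_len)) + alg + tlv(0x03, b"\x00" + b"\xaa" * 8))

if __name__ == "__main__":
    chain = [skeleton(SHA1_RSA_OID), skeleton(MD5_RSA_OID, tbs_len=300)]  # WS, then IAC
    print("MD5-signed certificates at chain positions:", md5_signed(chain))
```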
CHARACTERISTICS
– Identifiers: 17341, BID-33065, CSCsw88068, CSCsw90626,
CVE-2004-2761, VIGILANCE-VUL-8401, VU#836068
– Url: http://vigilance.fr/vulnerability/SSL-creating-a-fake-certification-authority-8401