Vigil@nce - Windows Schannel: weakening TLS encryption via FREAK
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, located as a Man-in-the-Middle, can force the Windows
Schannel client to accept a weak export algorithm, in order to
more easily capture or alter exchanged data.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008
R2, Microsoft Windows 2012, Windows 7, Windows 8, Windows RT,
Windows Vista
Severity: 2/4
Creation date: 06/03/2015
DESCRIPTION OF THE VULNERABILITY
The TLS protocol uses a series of handshake messages which have to be
exchanged between the client and the server before a secure session
is established.
Several cipher suites can be negotiated during this handshake,
including the weak export-grade suites once allowed for export from
the USA (keys of less than 512 bits).
An attacker, located as a Man-in-the-Middle, can inject, during the
session initialization, a message selecting an export cipher suite.
The client should reject this message with an error; however, the
Windows Schannel client accepts it.
Microsoft indicates that this vulnerability differs from
VIGILANCE-VUL-16301 because export algorithms are disabled by policy
but are nevertheless still used. Apart from this policy difference,
the vulnerability is identical.
An attacker, located as a Man-in-the-Middle, can therefore force
the Windows Schannel client to accept a weak export algorithm, in
order to more easily capture or alter exchanged data.
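As an added illustration, not part of the Vigil@nce bulletin or of Schannel, the following Python snippet shows the check a non-vulnerable client must perform on the server's choice: it parses a TLS 1.0 ServerHello and rejects any export-grade cipher suite, and any suite the client never offered. The ServerHello test vectors, the helper names and the export-suite table are constructed for this example.

```python
import struct

# Export-grade cipher suites (512-bit RSA, 40-bit symmetric ciphers) as
# numbered in RFC 2246 / RFC 4346.  Subset, constructed for this example.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

def parse_server_hello(record):
    """Return the cipher suite chosen by a ServerHello carried in one TLS record."""
    if len(record) < 5 or record[0] != 0x16:        # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:            # handshake type 2 = ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # version(2) random(32) session_id_len(1) session_id cipher_suite(2) compression(1)
    if len(hello) != hs_len or len(hello) < 35:
        raise ValueError("truncated ServerHello")
    pos = 35 + hello[34]
    if len(hello) < pos + 3:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", hello[pos:pos + 2])[0]

def check_negotiation(record, offered):
    """Verdict a hardened client reaches: refuse export suites and unoffered suites."""
    suite = parse_server_hello(record)
    if suite in EXPORT_SUITES:
        return ("reject", f"export-grade suite {EXPORT_SUITES[suite]} (0x{suite:04x})")
    if suite not in offered:
        return ("reject", f"suite 0x{suite:04x} was not in our ClientHello")
    return ("accept", f"suite 0x{suite:04x}")

def build_server_hello(suite, version=b"\x03\x01"):
    """Constructed test vector: minimal TLS 1.0 ServerHello selecting `suite`."""
    hello = version + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + version + struct.pack("!H", len(handshake)) + handshake
```

The first rule catches the downgrade described above even when the attacker has rewritten the client's own offer list to include export suites; the second catches a rewritten ServerHello that names a suite the client never offered.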
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-Schannel-weakening-TLS-encryption-via-FREAK-16332