Researchers have demonstrated an attack with which it is possible to be a part of the information that is to intercept encrypted via SSL / TLS. Unlike several other attacks on the encryption protocol is when attacked by security company Imperva ( pdf ) no need to sit through a man-in-the-middle attack between the user and the Internet. The passive eavesdropping of data, for example, would suffice received by a web application.
The attack is aimed at a thirteen year old vulnerability in the RC4 encryption algorithm, which is used in setting up an SSL / TLS connection. The vulnerability has already been described in 2001, and makes it possible to carry out a "plain text recovery attack" on SSL traffic as RC4 is the used encryption algorithm. Then an attacker can retrieve portions of session cookies, passwords and credit card numbers. The vulnerability is caused by the weak keys that uses RC4.
If an attacker enough SSL / TLS connections can be intercepted found such a weak key, which can then be read the first 100 bytes of the encrypted data. If an attacker tries to steal a session cookie can reduce the effective size of the cookie using this attack, which can be accelerated a brute force attack on the session cookie. Via session cookies, it is possible to take over the session of a user and so as to gain access to online accounts.
The problems with RC4 have long been known , and in 2013, Microsoft released an update for Windows to disable the algorithm. Most browsers would still support RC4, as well as more than half of the servers. According to the researchers such would be 30% of the TLS sessions are still using RC4, even if it is stronger AES algorithm available for quite some time.
No comments:
Post a Comment