Bugtraq mailing list archives
RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
From: "Barry Raveendran Greene" <bgreene () senki org>
Date: Mon, 21 Dec 2009 12:16:16 -0800
Also, can you change this:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF draft standard that addresses the vulnerability."

To:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF TLS Working Group draft that addresses the vulnerability."

Where "IETF TLS Working Group" is hyperlinked to http://www.ietf.org/dyn/wg/charter/tls-charter.html

That would help people who do not have a clue who the IETF or the TLS WG are, or that both are open standards forums.

Thanks,

Barry
-----Original Message-----
From: RedTeam Pentesting GmbH [mailto:release () redteam-pentesting de]
Sent: Monday, December 21, 2009 5:04 AM
To: bugtraq () securityfocus com
Subject: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

Information about a vulnerability in the TLS protocol was published in the beginning of November 2009. Attackers can take advantage of that vulnerability to inject arbitrary prefixes into a network connection protected by TLS. This can result in severe vulnerabilities, depending on the application layer protocol used over TLS.

RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept code that exploits this vulnerability. It is published at

http://www.redteam-pentesting.de/publications/tls-renegotiation

to raise awareness for the vulnerability and its potential impact. Furthermore, it shall give interested persons the opportunity to analyse applications employing TLS for further vulnerabilities.

--
RedTeam Pentesting GmbH
Dennewartstr. 25-27
52068 Aachen
Germany
Tel.: +49 241 963-1300
Fax : +49 241 963-1304
http://www.redteam-pentesting.de/
Register court: Aachen HRB 14004
Managing directors: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
Current thread:
- TLS Renegotiation Vulnerability: Proof of Concept Code (Python) RedTeam Pentesting GmbH (Dec 21)
- RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python) Barry Raveendran Greene (Dec 22)
- RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python) Ivan Buetler (Dec 23)
- RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python) Barry Raveendran Greene (Dec 22)