Re: demoing sslv2 vulns

[Sebastien J <sebastien.j () gmail com>]

Hi Robin,

For weak SSL ciphers, particularly the ones that don't actually do
encryption, then you could demo something. You can force your client
to request a non-encrypting cipher suite, and then show how it's
possible to intercept traffic in cleartext over the network.

For cipher suites that DO encrypt, the 56-bit ones are very weak and
shouldn't be used. Unless you want to bother cracking encryption, you
won't be able to immediately demo this one. It's simply a question of
telling them that weak encryption sucks and can already be broken by a
determined attacker.

The SSLv2 protocol itself has a number of vulnerabilities. It depends
on the version of SSL they use and which platform it's running on. But
it's safe to say there are a number of issues and they should be using
SSLv3/TLSv1.

See here for one example of an SSLv2 vuln:
http://www.securityfocus.com/bid/5363/discuss

Sincerely,
SJ
--
http://www.securitygeneration.com

On Fri, Jul 2, 2010 at 3:16 PM, Robin Wood <robin () digininja org> wrote:
> When scanning web servers the scanners regularly come with
> vulnerabilities for weak and medium ciphers and SSL v2. A client has
> recently asked why these are an issue and can they have a demo of them
> being exploited. I've found some technical level docs on why this is a
> problem but I'm looking for some kind of walk through on how to demo
> exploiting this. Does anyone have one?
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Sincerely,
Sebastien J.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com