PaulDotCom mailing list archives
Re: demoing sslv2 vulns
From: Robin Wood <robin () digininja org>
Date: Tue, 6 Jul 2010 14:06:24 +0100
On 5 July 2010 15:28, Sebastien J <sebastien.j () gmail com> wrote:
Hi Robin, For weak SSL ciphers, particularly the ones that don't actually do encryption, then you could demo something. You can force your client to request a non-encrypting cipher suite, and then show how it's possible to intercept traffic in cleartext over the network. For cipher suites that DO encrypt, the 56-bit ones are very weak and shouldn't be used. Unless you want to bother cracking encryption, you won't be able to immediately demo this one. It's simply a question of telling them that weak encryption sucks and can already be broken by a determined attacker.
Both good answers but they don't answer my question, to re-ask it in regard to your answers, how do I get a client to downgrade its encryption to either cleartext or a weak key cipher and then what can you use to crack encrypted HTTP streams? I can explain technically why these are bad to a client but what I'm trying to find is a walk through or at least some discussion on how to exploit the problems in the real world. I'm planning to do the demo as a video if I can do one so taking some time to do the cracking is fine I can just time lapse or skip parts.
The SSLv2 protocol itself has a number of vulnerabilities. It depends on the version of SSL they use and which platform it's running on. But it's safe to say there are a number of issues and they should be using SSLv3/TLSv1. See here for one example of an SSLv2 vuln: http://www.securityfocus.com/bid/5363/discuss
This is a vulnerability in the implementation of SSLv2, not in the protocol, its the protocol vulnerability I'm after. Robin
Sincerely, SJ -- http://www.securitygeneration.com On Fri, Jul 2, 2010 at 3:16 PM, Robin Wood <robin () digininja org> wrote:When scanning web servers the scanners regularly come with vulnerabilities for weak and medium ciphers and SSL v2. A client has recently asked why these are an issue and can they have a demo of them being exploited. I've found some technical level docs on why this is a problem but I'm looking for some kind of walk through on how to demo exploiting this. Does anyone have one? Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Sincerely, Sebastien J. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- demoing sslv2 vulns Robin Wood (Jul 02)
- Re: demoing sslv2 vulns Sebastien J (Jul 06)
- Re: demoing sslv2 vulns Robin Wood (Jul 06)
- Re: demoing sslv2 vulns Sebastien J (Jul 06)