Final release of my paper explaining the different attack vectors and impacts of the "TLS / SSL renegotiation vulnerability" (CVE-2009-3555).

  • Added comments and corrections by Alun Jones (whom I hereby thank for his time)
  • Changed FTPS description
  • Better PDF output
I am taking the opportunity of this update to stress particular impacts that seem to be forgotten about, in addition to the plain-text injection described everywhere (please refer to the paper to learn more).

Additional Impacts
  • Potentially allows downgrading from HTTPS to HTTP (à la SSLstrip)
  • Potentially allows injecting XSS into TRACE requests
Available Tools (2011)
I have been delighted by the interest given to this paper at the time. The paper is referenced by US-CERT, DFN-CERT, BELNET-CERT, SWITCH-CERT, Nessus, Qualys and c't Heise, and the book "iPhone and iOS Forensics: Investigation, Analysis and Mobile Security" covers the analysis on page 110.

Download "TLS/SSL Session Renegotiation Vulnerability Explained"


EAP-TTLS said... @ 11 December, 2012 13:27

Historically, organisations have implemented security measures, including WEP, WPA and WPA2, on wireless networks. However, these solutions when implemented in unison are often insufficient to prevent determined hackers from gaining access to the wireless network.
