Final release of my paper explaining the different attack vectors and impacts of the "TLS / SSL renegotiation vulnerability" (CVE-2009-3555).
- Added comments and corrections by Alun Jones (whom I hereby thank for his time)
- Changed FTPS description
- Better PDF output
I am taking the opportunity of this update to stress particular impacts that seem to be forgotten about, in addition to the plain-text injection described everywhere (please refer to the paper to know more):
- Potentially allows a downgrade from HTTPS to HTTP (à la SSLstrip)
- Potentially allows XSS injection into TRACE requests
- My own 2 proofs of concept
- Red-Team Pentesting proof of concept
- OpenSSL (how-to available in the paper)
I have been delighted by the interest given to this paper at the time. The paper is referenced by the US-CERT, DFN-CERT, BELNET-CERT, SWITCH-CERT, Nessus, Qualys and c't Heise, and the book "iPhone and iOS Forensics: Investigation, Analysis and Mobile Security" covers the analysis on page 110.
Download "TLS/SSL Session Renegotiation Vulnerability Explained"