• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

Insufficient Transport Layer Protection

Page history last edited by Ivan Ristić 10 years, 5 months ago

Project: WASC Threat Classification

Threat Type: Weakness

Reference ID: WASC-04

 

Insufficient Transport Layer Protection

Insufficient transport layer protection allows communication to be exposed to untrusted third-parties, providing an attack vector to compromise a web application and/or steal sensitive information. Websites typically use Secure Sockets Layer / Transport Layer Security (SSL/TLS) to provide encryption at the transport layer [1]. However, unless the website is configured to use SSL/TLS and configured to use SSL/TLS properly, the website may be vulnerable to traffic interception and modification.

 

Lack of Transport Layer Encryption

When the transport layer is not encrypted, all communication between the website and client is sent in clear-text which leaves it open to interception, injection and redirection (also known as a man-in-the-middle/MITM attack). An attacker may passively intercept the communication, giving them access to any sensitive data that is being transmitted such as usernames and passwords. An attacker may also actively inject/remove content from the communication, allowing the attacker to forge and omit information, inject malicious scripting, or cause the client to access remote untrusted content. An attacker may also redirect the communication in such a way that the website and client are no longer communicating with each other, but instead are unknowingly communicating with the attacker in the context of the other trusted party.

 

Weak Cipher Support

Historically, high grade cryptography was restricted from export to outside the United States[2]. Because of this, websites were configured to support weak cryptographic options for those clients that were restricted to only using weak ciphers. Weak ciphers are vulnerable to attack because of the relative ease of breaking them; less than two weeks on a typical home computer and a few seconds using dedicated hardware[3].

Today, all modern browsers and websites use much stronger encryption, but some websites are still configured to support outdated weak ciphers. Because of this, an attacker may be able to force the client to downgrade to a weaker cipher when connecting to the website, allowing the attacker to break the weak encryption. For this reason, the server should be configured to only accept strong ciphers and not provide service to any client that requests using a weaker cipher. In addition, some websites are misconfigured to choose a weaker cipher even when the client will support a much stronger one. OWASP offers a guide to testing for SSL/TLS issues, including weak cipher support and misconfiguration[4], and there are other resources and tools [5][6] as well.

 

Example 1. Testing a properly configured server reveals it doesn't support SSLv2.

[root@test]# openssl s_client -connect www.securesite.tld:443 -ssl2
CONNECTED(00000003)
write:errno=104
[root@test]#

Example 2. Testing an improperly configured server reveals it does support SSLv2.

[root@test]# openssl s_client -connect www.insecuresite.tld:443 -ssl2
CONNECTED(00000003)
depth=0 /C=US/ST=State/L=City/O=InsecureSite/CN=www.insecuresite.tld
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=State/L=City/O=InsecureSite/CN=www.insecuresite.tld
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=State/L=City/O=InsecureSite/CN=www.insecuresite.tld
verify error:num=21:unable to verify the first certificate
verify return:1
---
Server certificate
-----BEGIN CERTIFICATE-----
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
RGYo4XoX/MgNiiyI674jXnLtPoQfCQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG
MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTA4MDMwNzIxMTYwOFoXDTA5MDMwNzIxMTYwOFow
aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDnd3dy5n
b29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvURo9uavn0gBs
+Bp3IeQdVu63bVR84rLpVOI9EW2niG0zM+Pi8VmaoXFg+hjTSMntLPzQXQQvKozU
8gQBGQ2yR+27bhd/dOv7oSA0a6N6ULQ5VkD/nTBzFCkkU9x6cLjqB6tcmz8/DJdd
RGYo4XoX/MgNiiyI674jXnLtPoQfCQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRo
YXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQm
MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/
BAIwADANBgkqhkiG9w0BAQUFAAOBgQBLvybaMosHcVT975Ae92s3+Xbel/SzOSyO
zpgxQAC+xz7roCl8zcy5v8dWMTBKU717S7lf0SN2asuPh5RoICWbWDR+Tl7PGDxN
cnZlckB0aGF3dGUuY29tMB4XDTA4MDMwNzIxMTYwOFoXDTA5MDMwNzIxMTYwOFow
Mb9zNNVdZQ==
-----END CERTIFICATE-----
subject=/C=US/ST=State/L=City/O=InsecureSite/CN=www.insecuresite.tld
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte 
Premium Server CA/emailAddress=premium-server@thawte.com
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5     DES-CBC3-MD5
---
SSL handshake has read 1004 bytes and written 239 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: A0B6C34939B9C9D00B399119C0F9B0DE
    Session-ID-ctx:
    Master-Key: D977D3652B601712AE9297A7D443F7B056A4651DE90448EE
    Key-Arg   : 65EF38557528C3F5
    Krb5 Principal: None
    Start Time: 1224566405
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
closed
[root@test]#

 

Mixed Content

Websites that serve a web page using transport layer protection (HTTPS), but then also include additional content on the page such as JavaScript or images over HTTP are using mixed content and are vulnerable to attack. An attacker could replace the legitimate JavaScript being sent to the browser with a malicious version and have it execute in the context of the HTTPS page[7][8]. All content on a secure page must be served via HTTPS, including the HTML, JavaScript, images, CSS, XHR, and any other content.

A similar attack may be used to force a browser into sending a cookie normally transmitted over HTTPS to the HTTP version of the site, exposing the cookie. Cookies should be set with the "secure" flag (and if possible, the "HTTPOnly" flag) to prevent the cookie from being leaked[9].

 

[

Additional Information

SSL/TLS Deployment Best Practices

https://www.ssllabs.com/projects/best-practices/

 

SSL Implementation Security FAQ

http://ferruh.mavituna.com/ssl-implementation-security-faq-oku/

 

CWE-319: Plaintext Transmission of Sensitive Information

http://cwe.mitre.org/data/definitions/319.html

 

CWE-523: Unprotected Transport of Credentials

http://cwe.mitre.org/data/definitions/523.html

 

CWE-614: Sensitive Cookie in HTTPS Session Without "Secure" Attribute

http://cwe.mitre.org/data/definitions/614.html

 

 

 

References

Secure Sockets Layer (SSL)

[1] http://en.wikipedia.org/wiki/Secure_Sockets_Layer

 

Wikipedia: Export of Cryptography

[2] http://en.wikipedia.org/wiki/Export_of_cryptography#PC_era

 

40-bit encryption

[3] http://en.wikipedia.org/wiki/40-bit_encryption

 

OWASP: Testing for SSL-TLS

[4] https://www.owasp.org/index.php/Testing_for_SSL-TLS

 

PCI DIY - Checking for Weak SSL Encryption with OpenSSL

[5] http://pcianswers.com/2007/04/03/pci-diy-checking-for-weak-ssl-encryption-with-openssl/

 

SSLDigger - A tool to assess the strength of SSL servers by testing the ciphers supported

[6] http://www.foundstone.com/us/resources/proddesc/ssldigger.htm

 

Airpwn - framework for 802.11 (wireless) packet injection

[7] http://airpwn.sourceforge.net/Airpwn.html

 

Surf Jacking Secure Cookies

[8] http://xs-sniper.com/blog/2008/09/24/surf-jacking-secure-cookies/

 

Cookie hijacking

[9] http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_hijacking

 

Transport Layer Protection Cheat Sheet

[10] http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet

 

Comments (0)

You don't have permission to comment on this page.