Showing 1 - 3 of 3

Files from Adam Langley

OpenSSL Alternative Chains Certificate Forgery MITM Proxy: Posted Jul 27, 2015; Authored by Ramon de C Valle, Adam Langley, David Benjamin | Site metasploit.com; This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.; tags | exploit, cryptography; advisories | CVE-2015-1793; SHA-256 | 0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3b; Download | Favorite | View

FreeBSD Security Advisory - OpenSSL Certificate Forgery: Posted Jul 10, 2015; Authored by Adam Langley, David Benjamin | Site security.freebsd.org; FreeBSD Security Advisory - During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails, unless the application explicitly specifies X509_V_FLAG_NO_ALT_CHAINS. An error in the implementation of this logic could erroneously mark certificate as trusted when they should not. An attacker could cause certain checks on untrusted certificates, such as the CA (certificate authority) flag, to be bypassed, which would enable them to use a valid leaf certificate to act as a CA and issue an invalid certificate.; tags | advisory; systems | freebsd; advisories | CVE-2015-1793; SHA-256 | 7506aba3461e8c1915436a9531f38abc96e09fee2b93caefa87da64dce1a32d3; Download | Favorite | View

Certificate Authority Transparency And Auditability: Posted Nov 30, 2011; Authored by Ben Laurie, Adam Langley; Whitepaper called Certificate Authority Transparency and Auditability. The goal of this paper is to make it impossible (or at least very difficult) for a Certificate Authority (CA) to issue a certificate for a domain without the knowledge of the owner of that domain. A secondary goal is to protect users as much as possible from mis-issued certificates.; tags | paper; SHA-256 | baa285ffbc1c0f086a22438517cd8c203c13124a4eb655414ea8a04b440b3651; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days