
TLS Renegotiation Vulnerability: Proof of Concept Code (Python)




Information about a vulnerability in the TLS protocol was published at the
beginning of November 2009. Attackers can take advantage of that vulnerability
to inject arbitrary prefixes into a network connection protected by TLS. This
can result in severe vulnerabilities, depending on the application layer
protocol used over TLS.

RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept
code that exploits this vulnerability. It is published at

http://www.redteam-pentesting.de/publications/tls-renegotiation 

to raise awareness for the vulnerability and its potential impact. Furthermore,
it shall give interested persons the opportunity to analyse applications
employing TLS for further vulnerabilities.

-- 
RedTeam Pentesting GmbH                    Tel.: +49 241 963-1300
Dennewartstr. 25-27                        Fax : +49 241 963-1304
52068 Aachen http://www.redteam-pentesting.de/ 
Germany                         Registration court: Aachen HRB 14004
Managing Directors: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck

