Forged PayPal certificate fools IE, Chrome and Safari
The posting of a trick SSL certificate for www.paypal.com and its pertaining private key on the Full Disclosure security mailing list should finally force Microsoft, Google and Apple into releasing updates to fix the NULL prefix vulnerability. Phishers, for example, could use the certificate to disguise their servers as legitimate banking servers – which would only be detected by subjecting the certificate to closer scrutiny. The certificate could also be used for man-in-the-middle attacks in local networks.
Inserting a null character in a certificate's common name will prompt vulnerable browsers to only read up to this character, although the certificate may have actually been issued for a different domain. The current case tricks a browser into thinking that it has detected a valid certificate for www.paypal.com. The hole has been known to exist in various browsers for several weeks. So far, of all the popular browsers, only Firefox and Opera have not fallen for the trick.
While Internet Explorer is generally vulnerable to the crafted certificates, IE versions 7 and 8 do issue an alert because the certificate has since been revoked by the issuing trusted third party, IPS CA. The Microsoft browser refuses to display the page because it checks the certification authority's revocation list. Disabling this check, which is enabled by default, will cause the browser to accept the certificate. However, revocation checks should not be regarded as inherently trusted, especially for SSL attacks via the intranet; In July, Moxie Marlinspike described a way of bypassing
online revocation checks.
The current versions of Chrome 3.x and Safari 4.x, on the other hand, accept the certificate without issuing an alert, as their default settings don't include a revocation check. In Chrome, the revocation check feature can be enabled at "Options/Under the hood/Check for server certificate revocation."
Last week, hacker Jacob Appelbaum published a certificate which, in vulnerable browsers, works for arbitrary domains without triggering an alert. However, Internet Explorer also issued a warning for this certificate because it doesn't support * wild cards in certificates.
See also:
- null-prefix certificate for paypal, a Grok posting by Tim Jones.
- SSL trick certificate published, a report from The H.
- SSL flaw revealed at Black Hat , a report from The H.
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
