Researchers present exploit for SSL vulnerability
Computer scientists from the Technische Universitat Darmstadt have reported that they have developed an exploit for a recently discovered vulnerability in SSL implementations, known about since the end of August. This makes it possible, "in under 10 minutes", to generate a fake SSL certificate, which is accepted by a number of browsers as a genuine certificate from a recognised certificate authority (CA). In combination with manipulated URL's, this would offer new opportunities for phishing attacks.
As a result of a bug, a number of SSL implementations fail, under certain circumstances, to recognise a fake digital signature as such. This bug has already been discovered and fixed in OpenSSL and various browsers are apparently also affected. The attack requires that one of the accepted certificate authorities uses an RSA key with the exponent 3. All of the major browsers have such a CA.
According to the researchers, the browser producers have been informed of the exploit. Internet Explorer 6 and Safari are not affected by this vulnerability. In Firefox, the problem has been fixed from version 184.108.40.206.. Konqueror uses the OpenSSL libraries installed on the system, and is therefore not affected if these are up to date.
The latest version of Opera is, according to its producers, still affected by this problem. An update to Opera 9.02, "to be released soon," is to fix this vulnerability. The TU Darmstadt lists affected certificates in its report and recommends removing these until an update is available. You can check which exponent a certificate uses using OpenSSL:
openssl x509 -noout -text -in <certificate>
Although the security bulletin from the TU Darmstadt limits itself to browsers, the problem also affects other programs which use X.509 certificates. For example, versions of the Thunderbird mail client prior to version 220.127.116.11 fail to recognise such fake digital signatures.