Sign Up

Have an account?

Sign In

Don't have account,

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Have an account?

You must login to ask question.

Need An Account,

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Search
Ask A Question
Home/ Uncategorized/TLS 1.2
On: Posted in Uncategorized Comments: 0 Views: 18

TLS 1.2

Vulnerability in TLS 1.2

Bad news: there’s a vulnerability in TLS 1.2. Good news: researchers say it’s “very hard to exploit” and major vendors have already released security patches for it.

A team of researchers has documented a vulnerability in TLS 1.2 (and earlier versions) that could allow a man-in-the-middle attacker to acquire a shared session key and decrypt SSL/TLS traffic.

The vulnerability only applies in very specific circumstances and is difficult to execute, but software vendors have released patches to block potential attackers from taking advantage of this loophole.

(In case you’re wondering: No you don’t have to re-issue any certificates!)

What is the Raccoon Attack? How does it work? What should site owners do?

Let’s hash it out.

What is the Raccoon Attack?

The Raccoon attack is a newly discovered vulnerability in TLS 1.2 and earlier versions. It allows hackers (in certain situations) to determine a shared session key and use that to decrypt TLS communications between the server and client.

The attack doesn’t allow a hacker to obtain the private key, so they’d have to perform the attack individually on each connection they want to eavesdrop on.

In order to execute the Raccoon Attack, a hacker needs several conditions in place:

  1. Successfully setup a man-in-the-middle attack to intercept communications
  2. Connection must use TLS 1.2 or previous (but we’ve all disabled SSL 3.0, TLS 1.0, and TLS 1.1 already…right?)
  3. Connection must use Diffie-Hellman key exchange
  4. Server must re-use Diffie-Hellman public keys
  5. The attacker needs to be near the target server in order to run precise timing measurements

If you’d like to learn more about how the attack is executed, the researchers have setup a very informative website at raccoon-attack.com with technical details and FAQs.

As far as we know, this attack has not been used in the real world. Researchers say that due to the multiple conditions that have to be in place for this attack to work, “a real-world attacker will probably use other attack vectors that are simpler and more reliable than this attack”.

What Should Site Admins Do?

Raccoon is a possible but rather unlikely attack, and it targets configurations that were already considered bad practice and were being disabled by browsers. In the words of the researchers who found it:

“Raccoon is a complex timing attack and it is very hard to exploit. It requires a lot of stars to align to decrypt a real-world TLS session.”

Raccoon might not be a very likely real-world attack, but it’s still a proven vulnerability, so site admins would be wise to check their servers and plug this potential security hole if necessary.

Test Your Server

As a first step, you can do a quick test to see if your server software/configuration might be vulnerable to Raccoon.

Here’s how:

1) Go to SSL Labs, run a test for your domain, and look for this setting:

SSL Labs test for Raccoon Attack.

Vulnerability in TLS 1.2

2) If that parameter says “Yes” then your server may be vulnerable.

Patching Your Server

If your server is vulnerable to this attack, you will likely be able to solve the issue by simply patching or upgrading the relevant software package:

Researchers indicate that BearSSL, BoringSSL, Botan, Mbed TLS and s2n are not vulnerable to Raccoon.

Does this Affect My SSL Certificate?

No, this should not affect any SSL certificates—it’s an issue with server/client configuration, not the digital certificate. We don’t anticipate any SSL/TLS certificates will need to be revoked or re-issued.

Let’s Move to TLS 1.3

This vulnerability is another great reminder to move towards TLS 1.3—which is generally more secure and efficient than TLS 1.2.

“The complexity of this attack makes it unlikely to be used in practice; however, to be safe, organizations are encouraged to adopt TLS 1.3 and begin deprecating older versions of the protocol.”

Dean Coclin, CISSP, DigiCert

For more details on why TLS 1.3 is better, faster, and more secure, see our previous post: TLS 1.3: Everything you need to know.

What’s in A Name “Raccoon”?

POODLEGOLDENDOODLE, and now RACCOON. (All animal names that include “oo”. I wonder what’s next…Baboon? Kangaroo? Coonhound?)

Name was chosen by the team of researchers that discovered the vulnerability: Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, and Jörg Schwenk. Unlike many other TLS vulnerability names, Raccoon isn’t an abbreviation or acronym for a longer title.

Plus, it turns out that raccoons are pretty good at getting into things that are supposed to be locked and secure, so the name seems pretty fitting to us: https://youtu.be/UyQRwDTtRCE

For more blogs click here

Previous article
Next article

Related Posts

if else in Cypress
On:

if else in Cypress

ü meaning in csv data
On:

ü meaning in csv data

Leave a comment

You must login to add a new comment.

Need An Account,