TLS / SSLv3 renegotiation vulnerability explained

Post  andry Mon Dec 20, 2010 4:48 am

When speaking of a “Man in the Middle” attack, it is often assumed that data can be altered or changed. Indeed, an attacker that sits in the middle of a connection (hence its name) is often able to do so. In this particular case, however, the attacker piggybacks on an existing authenticated and encrypted TLS session in order to (prefix) inject arbitrary text of its choice. The attacker may not read/alter the other TLS session between the “client” and the “server”. See Chapter 3 - “Example of an attack scenario...” for more details.

This paper explains the vulnerability for a broader audience and summarizes the information that is currently available. The document is prone to updates and is believed to be accurate at the time of writing.


Download TLS / SSLv3 renegotiation vulnerability explained PDF