I created a Camtasia movie some time ago "exploiting" the vulnerability by injecting "/user/profile/E1/" into the first SSL request to "/":

http://www.hacking-lab.com/download/

This can help others to understand the vulnerability.

Regards
Ivan

-----Original Message-----
From: Barry Raveendran Greene [mailto:bgreene@xxxxxxxxx]
Sent: Monday, December 21, 2009 9:16 PM
To: 'RedTeam Pentesting GmbH'; bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

Also, can you change this:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF draft standard that addresses the vulnerability."

To:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF TLS Working Group draft that addresses the vulnerability."

Where "IETF TLS Working Group" is hyperlinked to http://www.ietf.org/dyn/wg/charter/tls-charter.html

That would help people who do not have a clue who the IETF or the TLS WG are, or that both are open standards forums.

Thanks,

Barry

> -----Original Message-----
> From: RedTeam Pentesting GmbH [mailto:release@xxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, December 21, 2009 5:04 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
>
> Information about a vulnerability in the TLS protocol was published in the
> beginning of November 2009. Attackers can take advantage of that vulnerability
> to inject arbitrary prefixes into a network connection protected by TLS. This
> can result in severe vulnerabilities, depending on the application layer
> protocol used over TLS.
>
> RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept
> code that exploits this vulnerability. It is published at
>
> http://www.redteam-pentesting.de/publications/tls-renegotiation
>
> to raise awareness for the vulnerability and its potential impact. Furthermore,
> it shall give interested persons the opportunity to analyse applications
> employing TLS for further vulnerabilities.
>
> --
> RedTeam Pentesting GmbH                    Tel.: +49 241 963-1300
> Dennewartstr. 25-27                        Fax : +49 241 963-1304
> 52068 Aachen                    http://www.redteam-pentesting.de/
> Germany                           Register court: Aachen HRB 14004
> Managing Directors: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck