InfoconDB

Presented at Black Hat Asia 2019, March 29, 2019, 9 a.m. (60 minutes)

HTTPS is the backbone for online privacy and commerce – yet, for two decades, the underlying TLS protocol received little more than a series of band-aid fixes. Rather than deprecating cryptographic techniques with known weakness, the TLSv1.2 specification has a long list of workarounds, countermeasures and caveats, which must be carefully followed to prevent attack. This is evident from the fact that PKCS #1 v1.5 padding, RC4 encryption, and CBC mode ciphers can all be used in TLSv1.2.

This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special case attack based on POODLE with the promise to disclose session IDs in just a fraction of the time it takes to exploit POODLE. The GOLDENDOODLE attack also demonstrates that a Cisco ASA CVE previously not known to affect confidentiality can, in fact, reveal sensitive data, such as session cookies to a network-based attacker.

Presenters:

Craig Young - Principal Security Researcher, Tripwire VERT
Craig Young is Principal Security Researcher for Tripwire's Vulnerability and Exposures Research Team (VERT). Over the years, Craig has disclosed many vulnerabilities covering a wide range of products and services including Android, iOS/macOS, PHP, Apache HTTPD, and Google to name a few. In 2018, he was part of a team to receive a Pwnie for the ROBOT research which demonstrated that Bleichenbacher oracles described in 1998 still affected a dozen vendors including most prominently F5 and Citrix. In many cases, such as Facebook.com, an attacker could have exploited this behavior to impersonate the HTTPS site.

Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All

Presenters:

Links: