Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: demoing sslv2 vulns
From: Sebastien J <sebastien.j () gmail com>
Date: Mon, 5 Jul 2010 15:28:52 +0100

Hi Robin,

For weak SSL ciphers, particularly the ones that don't actually do
encryption, then you could demo something. You can force your client
to request a non-encrypting cipher suite, and then show how it's
possible to intercept traffic in cleartext over the network.

For cipher suites that DO encrypt, the 56-bit ones are very weak and
shouldn't be used. Unless you want to bother cracking encryption, you
won't be able to immediately demo this one. It's simply a question of
telling them that weak encryption sucks and can already be broken by a
determined attacker.

The SSLv2 protocol itself has a number of vulnerabilities. It depends
on the version of SSL they use and which platform it's running on. But
it's safe to say there are a number of issues and they should be using
SSLv3/TLSv1.

See here for one example of an SSLv2 vuln:
http://www.securityfocus.com/bid/5363/discuss

Sincerely,
SJ
--
http://www.securitygeneration.com

On Fri, Jul 2, 2010 at 3:16 PM, Robin Wood <robin () digininja org> wrote:
When scanning web servers the scanners regularly come with
vulnerabilities for weak and medium ciphers and SSL v2. A client has
recently asked why these are an issue and can they have a demo of them
being exploited. I've found some technical level docs on why this is a
problem but I'm looking for some kind of walk through on how to demo
exploiting this. Does anyone have one?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
Sincerely,
Sebastien J.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault