Name | Exploiting Incorrectly Configured SSL |
Likelihood of attack | Typical severity |
Low | Low |
Summary | An adversary takes advantage of incorrectly configured SSL communications that enable access to data intended to be encrypted. The adversary may also use this type of attack to inject commands or other traffic into the encrypted stream to cause compromise of either the client or server. |
Prerequisites | Access to the client/server stream. |
Execution Flow |
Step | Phase | Description | Techniques |
1 | Explore | Determine the configuration levels of either the server or client being targeted, preferably both. This is not a hard requirement, as the attacker can simply assume commonly exploitable configuration settings and blindly attempt them. | |
2 | Experiment | Provide controlled access to the server by the client, by either providing a link for the client to click on, or by positioning oneself at a place on the network to intercept and control the flow of data between client and server, e.g. MITM (man in the middle). | |
3 | Exploit | Insert the malicious data into the stream that takes advantage of the configuration flaw. | |
Solutions | Configuration settings, such as the choice of stream ciphers vs. block ciphers and setting timeouts on SSL sessions to extremely low values, lessen the potential impact. Use of later versions of TLS (e.g. TLS 1.1+) can also be effective, but not all clients or servers support the later versions. |
Related Weaknesses |
CWE ID | Description |
CWE-201 | Insertion of Sensitive Information Into Sent Data |
Related CAPECs |
CAPEC ID | Description |
CAPEC-216 | An adversary manipulates a setting or parameter on a communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise. |
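The following is an added example, not part of the CAPEC entry: it audits nginx-style TLS directives against two of the mitigations listed under Solutions, later TLS versions and short session timeouts. `ssl_protocols` and `ssl_session_timeout` are nginx directives; the 300-second threshold, the function names and both sample configurations are assumptions constructed for this example.

```python
import re

# Assumption: versions older than the "TLS 1.1+" named under Solutions.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
# Assumption: longest session lifetime accepted here, in seconds.
MAX_SESSION_TIMEOUT = 300
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_directives(text):
    """Collect single-line 'ssl_* arg ...;' directives as {name: [args]}."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        match = re.match(r"^(ssl_\w+)\s+(.+?);$", line)
        if match:
            found[match.group(1)] = match.group(2).split()
    return found

def to_seconds(value):
    """Convert an nginx time value ('90', '5m', '1h30m') to seconds (s/m/h/d only)."""
    parts = re.findall(r"(\d+)([smhd]?)", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"unrecognised time value: {value!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)

def audit(text):
    """Return findings for protocol versions and session lifetime."""
    conf = parse_directives(text)
    findings = []
    for proto in sorted(LEGACY_PROTOCOLS & set(conf.get("ssl_protocols", []))):
        findings.append(f"legacy protocol enabled: {proto}")
    # nginx falls back to 5m when ssl_session_timeout is absent.
    seconds = to_seconds(conf.get("ssl_session_timeout", ["5m"])[0])
    if seconds > MAX_SESSION_TIMEOUT:
        findings.append(f"session timeout {seconds}s exceeds {MAX_SESSION_TIMEOUT}s")
    return findings

# Constructed sample configurations, not taken from any real server.
WEAK = """server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # legacy versions left on
    ssl_session_timeout 1d;
}"""
HARDENED = """server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_timeout 5m;
}"""
```

Calling `audit(WEAK)` reports the legacy protocol versions and the day-long session lifetime, while `audit(HARDENED)` returns an empty list.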