Original release date: June 6, 2000<BR> Last Revised: --<BR> Source: CERT/CC<BR> <P>A complete revision history is at the end of this file. <A NAME="affected"> <H3>Systems Affected</H3> <UL> <LI> Systems running Microsoft Internet Explorer </li> </UL> <H2>Overview</H2> <P> Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in <A HREF="http://www.cert.org/advisories/CA-2000-05.html">CERT Advisory CA-2000-05</a> and <A HREF="http://www.cert.org/advisories/CA-2000-08.html">CERT Advisory CA-2000-08,</a> but they have a similar impact. <A NAME="description"> <H2>I. Description</H2> <p>Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One very common use of digital certificates is to secure electronic commerce transactions through SSL (Secure Socket Layer). The kind of certificates used in e-commerce transactions are called X.509 certificates. The X.509 certificates help a web browser and the user ensure that sensitive information transmitted over the Internet is readable only by the intended recipient. This requires verifying the recipient's identity and encrypting data so that only the recipient can decrypt it. <p>The "padlock" icon used by Internet Explorer (as well as Netscape and other browsers) is an indication that an SSL-secured transaction has been established to someone. It does not necessarily indicate to whom the connection has been established. Internet Explorer (and other browsers) take steps to warn users when DNS-based information conflicts with the strongly authenticated information contained in the X.509 certificates used in SSL transactions. These warnings are supplemental information to help users decide if they're connecting to whom they think they are connecting. These steps and warnings are designed to protect against attacks on the DNS information. <p>Descriptions of the problems provided by Microsoft are shown below. <H4>IE fails to validate certificates in images or frames</H4> <p>When a connection to a secure server is made via either an image or a frame, IE only verifies that the server's SSL certificate was issued by a trusted root - it does not verify the server name or the expiration date. When a connection is made via any other means, all expected validation is performed. <H4>IE fails to revalidate certificates within the same session</H4> <p>Even if the initial validation is made correctly, IE does not re-validate the certificate if a new SSL session is establish with the same server during the same IE session. <p>We encourage you to read <A HREF="http://www.microsoft.com/technet/security/bulletin/ms00-039.asp">Microsoft Security Bulletin MS-039</a> for additional details provided by Microsoft. This document is available at <dd> <dl> <A HREF="http://www.microsoft.com/technet/security/bulletin/ms00-039.asp">http://www.microsoft.com/technet/security/bulletin/ms00-039.asp</a> </dl> </dd> <A NAME="impact"> <H2>II. Impact</H2> <p>Attackers can trick users into disclosing information (such as credit card numbers, personal data, or other sensitive information) intended for a legitimate web site. <A name="solution"> <H2>III. Solution</H2> <H3>General Recommendations When Using SSL</H3> <p>DNS information is fundamentally insecure, and there are a variety of means by which an attacker can provide false or misleading DNS information, even in the absence of any vulnerabilities in a DNS server. Browsers attempt to compensate for this insecurity by providing warning messages when the strongly authenticated certificate information does not match the DNS information. While we strongly recommend that you stay up to date with respect to patches and workarounds provided by your browser vendor, we also encourage you to take the following steps, particularly for sensitive transactions. <H4>Check Certificates</H4> <p>The CERT/CC recommends that prior to providing any sensitive information over SSL, you check the name recorded in the certificate to be sure that it matches the name of the site to which you think you are connecting. For example, in Internet Explorer 5 (for Windows), double click on the "padlock" icon to engage the "Certificate" dialog box. Click on the "Details" tab to see information about the certificate, including the thumbprint. Click on the "Certification Path" tab for information about the certificate authority that signed the certificate. If you do not trust the certificate authority or if the name of the server does not match the site to which you think you're connecting, be suspicious. <h4>Validate Certificates Independently</h4> <p>Web browsers come configured to trust a variety of certificate authorities. If you delete the certificates of all the certificate authorities in your browser, then whenever you encounter a new SSL certificate, you will be prompted to validate the certificate yourself. You can do this by validating the fingerprint on the certificate through an alternate means, such as the telephone. That is, the same dialog box mentioned above also lists a fingerprint for the certificate. If you wish to validate the certificate yourself, call the organization for which the certificate was issued and ask them to confirm the fingerprint on the certificate. <p>Deleting the certificates of the certificate authorities in your browser will cause the browser to prompt you for validation whenever you encounter a new site certificate. This may be inconvenient and cumbersome, but it provides you with greater control over which certificates you accept. <p>It is also important to note that this sort of verification is only effective if you have an independent means through which to validate the certificate. This sort of validation is called out-of-band validation. For example, calling a phone number provided on the <b>same</b> web page as the certificate does <b>not</b> provide any additional security. <p>The CERT/CC encourages all organizations engaging in electronic commerce to train help desk or customer support personnel to answer questions about certificate fingerprints/thumbprints. <p><B>Note:</b> Microsoft Internet Explorer 5, Macintosh Edition, does not provide any means by which users can validate certificates by checking the fingerprint/thumbprint. Our conversations with Microsoft indicate that the Macintosh version of Internet Explorer is not affected by these specific problems, however, because of the fundamentally insecure nature of DNS, we recommend using a browser that does allow users to validate certificates on whatever platform they use, including MacOS <H3>Specific Defenses Against These problems</H3> <p>Stay up to date with patches, workarounds, and certificate management products. Appendix A lists information regarding these problems. <H2>Appendix A Vendor Information</H2> <H3>Microsoft Corporation</H3> <P>Information from Microsoft is available at <dd> <dl> <A HREF="http://www.microsoft.com/technet/security/bulletin/ms00-039.asp">http://www.microsoft.com/technet/security/bulletin/ms00-039.asp</a> </dl> </dd> <HR NOSHADE> The CERT Coordination Center thanks the ACROS Security Team of Slovenia, who originally discovered this problem, and Ric Ford, President of MacInTouch, Inc. <HR NOSHADE> <P>Shawn Hernan was the primary author of this document. <P></P> <!--#include virtual="/include/footer_nocopyright.html" --> <P>Copyright 2000 Carnegie Mellon University.</P> <P>Revision History <PRE> June 6, 2000: initial release </PRE> |