View Source

Original release date: June 6, 2000<BR>
Last Revised: --<BR>
Source: CERT/CC<BR>

<P>A complete revision history is at the end of this file.

<A NAME="affected">
<H3>Systems Affected</H3>

<UL>
<LI>
Systems running Microsoft Internet Explorer
</li>
</UL>
<H2>Overview</H2>

<P> 

Several flaws exist in Microsoft Internet Explorer that could allow an
attacker to masquerade as a legitimate web site if the attacker can
compromise the validity of certain DNS information. These problems are
different from the problems reported in <A
HREF="http://www.cert.org/advisories/CA-2000-05.html">CERT Advisory
CA-2000-05</a> and <A
HREF="http://www.cert.org/advisories/CA-2000-08.html">CERT Advisory
CA-2000-08,</a> but they have a similar impact.

<A NAME="description">
<H2>I. Description</H2>

<p>Digital certificates are small documents used to authenticate and encrypt
information transmitted over the Internet. One very common use of digital
certificates is to secure electronic commerce transactions through SSL (Secure
Socket Layer). The kind of certificates used in e-commerce transactions are
called X.509 certificates. The X.509 certificates help a web browser and the
user ensure that sensitive information transmitted over the Internet is
readable only by the intended recipient. This requires verifying the
recipient's identity and encrypting data so that only the recipient can
decrypt it.  

<p>The "padlock" icon used by Internet Explorer (as well as Netscape and other
browsers) is an indication that an SSL-secured transaction has been
established to someone. It does not necessarily indicate to whom the
connection has been established. Internet Explorer (and other browsers) take
steps to warn users when DNS-based information conflicts with the strongly
authenticated information contained in the X.509 certificates used in SSL
transactions. These warnings are supplemental information to help users decide
if they're connecting to whom they think they are connecting. These steps and
warnings are designed to protect against attacks on the DNS information.

<p>Descriptions of the problems provided by Microsoft are shown
below. 

<H4>IE fails to validate certificates in images or frames</H4>

<p>When a connection to a secure server is made via either an image
or a frame, IE only verifies that the server's SSL certificate was
issued by a trusted root - it does not verify the server name or the
expiration date.  When a connection is made via any other means, all
expected validation is performed.

<H4>IE fails to revalidate certificates within the same session</H4>
<p>Even if the initial validation is made correctly, IE does not
re-validate the certificate if a new SSL session is establish with the
same server during the same IE session.

<p>We encourage you to read <A
HREF="http://www.microsoft.com/technet/security/bulletin/ms00-039.asp">Microsoft
Security Bulletin MS-039</a> for additional details provided by
Microsoft. This document is available at



<dd>
<dl>
<A
HREF="http://www.microsoft.com/technet/security/bulletin/ms00-039.asp">http://www.microsoft.com/technet/security/bulletin/ms00-039.asp</a>
</dl>
</dd>

<A NAME="impact">
<H2>II. Impact</H2> 

<p>Attackers can trick users into disclosing information (such as
credit card numbers, personal data, or other sensitive information)
intended for a legitimate web site.

<A name="solution">
<H2>III. Solution</H2>

<H3>General Recommendations When Using SSL</H3>

<p>DNS information is fundamentally insecure, and there are a variety
of means by which an attacker can provide false or misleading DNS
information, even in the absence of any vulnerabilities in a DNS
server. Browsers attempt to compensate for this insecurity by
providing warning messages when the strongly authenticated certificate
information does not match the DNS information. While we strongly
recommend that you stay up to date with respect to patches and
workarounds provided by your browser vendor, we also encourage
you to take the following steps, particularly for sensitive transactions.


<H4>Check Certificates</H4>

<p>The CERT/CC recommends that prior to providing any sensitive
information over SSL, you check the name recorded in the certificate
to be sure that it matches the name of the site to which you think you
are connecting. For example, in Internet Explorer 5 (for Windows),
double click on the "padlock" icon to engage the "Certificate" dialog
box. Click on the "Details" tab to see information about the
certificate, including the thumbprint. Click on the "Certification
Path" tab for information about the certificate authority that signed
the certificate. If you do not trust the certificate authority or if
the name of the server does not match the site to which you think
you're connecting, be suspicious.

                           
<h4>Validate Certificates Independently</h4>

<p>Web browsers come configured to trust a variety of certificate
authorities. If you delete the certificates of all the certificate
authorities in your browser, then whenever you encounter a new SSL
certificate, you will be prompted to validate the certificate
yourself. You can do this by validating the fingerprint on the
certificate through an alternate means, such as the telephone. That
is, the same dialog box mentioned above also lists a fingerprint for
the certificate. If you wish to validate the certificate yourself,
call the organization for which the certificate was issued and ask
them to confirm the fingerprint on the certificate.

<p>Deleting the certificates of the certificate authorities in your
browser will cause the browser to prompt you for validation whenever
you encounter a new site certificate. This may be inconvenient and
cumbersome, but it provides you with greater control over which
certificates you accept.

<p>It is also important to note that this sort of verification is only
effective if you have an independent means through which to validate
the certificate. This sort of validation is called out-of-band
validation. For example, calling a phone number provided on the
<b>same</b> web page as the certificate does <b>not</b> provide any
additional security.

<p>The CERT/CC encourages all organizations engaging in electronic
commerce to train help desk or customer support personnel to answer
questions about certificate fingerprints/thumbprints.

<p><B>Note:</b> Microsoft Internet Explorer 5, Macintosh Edition, does
not provide any means by which users can validate certificates by
checking the fingerprint/thumbprint. Our conversations with
Microsoft indicate that the Macintosh version of Internet Explorer is
not affected by these specific problems, however, because of the
fundamentally insecure nature of DNS, we recommend using a browser
that does allow users to validate certificates on whatever platform
they use, including MacOS

<H3>Specific Defenses Against These problems</H3>

<p>Stay up to date with patches, workarounds, and certificate management products. Appendix A lists information regarding these problems. 

<H2>Appendix A Vendor Information</H2>

<H3>Microsoft Corporation</H3>
<P>Information from Microsoft is available at 
<dd>
<dl>
<A
HREF="http://www.microsoft.com/technet/security/bulletin/ms00-039.asp">http://www.microsoft.com/technet/security/bulletin/ms00-039.asp</a>
</dl>
</dd>

<HR NOSHADE>

The CERT Coordination Center thanks the ACROS Security Team of
Slovenia, who originally discovered this problem, and Ric Ford,
President of MacInTouch, Inc.

<HR NOSHADE>

<P>Shawn Hernan was the primary author of this document.

<P></P>

<!--#include virtual="/include/footer_nocopyright.html" -->

<P>Copyright 2000 Carnegie Mellon University.</P>

<P>Revision History
<PRE>
June 6, 2000:  initial release
</PRE>