Jaime Blasco Blog


Jan 2009

25C3: Fake CA Certificates
Sat, 03 Jan 2009

A security research team has demonstrated how to use an MD5 collision to create a rogue Certificate Authority certificate,
with a cluster of about 200 PlayStation 3 consoles doing the collision search.
All the details are in their 25C3 talk, "MD5 considered harmful today: Creating a rogue CA certificate" (Sotirov, Stevens, Appelbaum, Lenstra, Molnar, Osvik and de Weger).
The attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of two different messages
with the same MD5 hash (a chosen-prefix collision). The researchers bought an ordinary website certificate from a CA that still signed with MD5 and
built its colliding twin as an intermediate CA certificate, so the CA's signature over the legitimate certificate is equally valid over the rogue one.
It affects every CA that was still signing with this broken hash function, such as RapidSSL.
We can use M2Crypto, the Python bindings for OpenSSL, to automate fetching server certificates and check whether
they are still signed with MD5:

from M2Crypto import SSL

# Default context: no peer verification, so the handshake succeeds even for
# certificates we would not trust; we only want to read what the server sends.
ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.rapidssl.com', 443))
cert = conn.get_peer_cert()
# The "Signature Algorithm" lines in the dump show which hash the issuing CA used.
print(cert.as_text())
conn.close()

Output:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1795 (0x703)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
        Validity
            Not Before: Mar  8 15:35:33 2005 GMT
            Not After : Mar  7 15:35:33 2010 GMT
        Subject: C=US, O=GeoTrust Inc., OU=Production, CN=www.rapidssl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:bf:2b:bb:b0:a8:78:fb:8d:76:d7:14:c1:92:d8:
                    c8:cb:99:ed:a8:9e:37:e5:4f:5d:7e:06:f6:52:5e:
                    5c:4e:e8:6b:9e:22:bb:62:8b:b6:db:fe:5f:05:15:
                    79:81:5a:4c:4c:89:6c:42:77:50:ac:8d:ce:a6:1a:
                    49:21:8c:27:db:1a:79:f0:5d:fc:4d:84:8b:42:0f:
                    8e:e6:6d:74:4b:a9:1e:b3:97:38:39:ec:28:88:5e:
                    1d:7a:c9:2b:53:34:71:2c:6c:80:80:78:ed:08:c7:
                    a8:fb:70:39:76:3b:2a:bd:c4:a9:88:6c:95:95:73:
                    2a:ab:85:05:15:b8:cd:59:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 CRL Distribution Points: 
                URI:http://crl.geotrust.com/crls/ebizca1.crl

            X509v3 Authority Key Identifier: 
                keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1

    Signature Algorithm: md5WithRSAEncryption
        49:e5:4b:7f:48:f3:d1:b6:04:f4:59:a7:63:92:f2:eb:b2:a3:
        1f:c3:31:c4:d3:54:67:9d:77:35:e2:e1:a4:84:9b:d4:91:82:
        32:6b:93:3e:d8:7e:36:66:c8:aa:5f:b8:3a:ee:2c:2c:70:97:
        66:d1:e5:0e:23:dd:04:39:a8:c8:e4:4e:bb:75:85:52:d0:cd:
        37:51:69:07:aa:25:5d:cb:60:ac:a1:98:54:4b:1e:9d:49:fe:
        fa:b1:eb:f9:c3:79:bc:84:d8:4a:2c:bf:67:de:0c:70:8d:f0:
        c3:14:6f:04:8b:9d:14:bd:e9:fd:fd:b7:6d:66:9b:bc:e5:f1:
        74:54
With this module it is easy to build a scanner that walks a list of sites and flags any whose certificate carries an md5WithRSAEncryption signature. Two things to keep in mind when reading the results: the signature algorithm on a server certificate tells you what its issuing CA used, so an MD5-signed leaf certificate is evidence that the CA was still issuing MD5-signed certificates (which is exactly what the attack needs), not a weakness of that server's own key; and the self-signature on a trusted root does not matter, because roots are trusted by being in the store rather than by their signature, so check the leaf and any intermediates, not the root.
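As an added example (not code from the original post, and not M2Crypto's own API), here is a stdlib-only Python 3 version of the same check that works offline on raw DER: it reads the signatureAlgorithm OID straight out of the outer Certificate, compares it with the inner TBSCertificate.signature field (RFC 5280 requires the two to match, and a mismatch is a red flag in its own right), and classifies the algorithm. It goes a little beyond the post in that it also marks SHA-1 as weak. The fixture certificates are constructed skeletons built by the small DER encoder at the bottom, with dummy Name, Validity and key fields; they are not real certificates. All function names are my own.

```python
"""Classify the signature algorithm of X.509 certificates from raw DER, stdlib only.
Hypothetical helper written for this post; fixtures below are constructed, not real."""
import ssl

# AlgorithmIdentifier OIDs for common signature schemes (RFC 3279, RFC 4055, RFC 5758).
# MD2/MD5 are broken; SHA-1 is marked weak because collisions are practical for it too.
SIG_ALG_OIDS = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", "broken"),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "broken"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "ok"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "ok"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "ok"),
}

def read_tlv(buf, pos):
    """Decode one DER element at buf[pos]; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Turn OBJECT IDENTIFIER contents into dotted form, e.g. '1.2.840.113549.1.1.4'."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                     # base-128, high bit set on all but the last byte
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def alg_oid(alg_id):
    """OID inside AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY }."""
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid)

def signature_algorithms(der):
    """Return (outer, inner) OIDs: Certificate.signatureAlgorithm and
    TBSCertificate.signature. RFC 5280 requires the two to be identical."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, pos = read_tlv(cert, 0)         # tbsCertificate
    _, outer, _ = read_tlv(cert, pos)       # signatureAlgorithm
    tag, _, pos = read_tlv(tbs, 0)          # [0] EXPLICIT version (v2/v3) or serialNumber (v1)
    if tag == 0xA0:
        _, _, pos = read_tlv(tbs, pos)      # skip serialNumber
    _, inner, _ = read_tlv(tbs, pos)        # signature
    return alg_oid(outer), alg_oid(inner)

def classify(der):
    """(name, verdict) for one DER certificate; mismatched fields are flagged as suspicious."""
    outer, inner = signature_algorithms(der)
    if outer != inner:
        return ("mismatch:%s/%s" % (outer, inner), "suspicious")
    return SIG_ALG_OIDS.get(outer, (outer, "unknown"))

def classify_server(host, port=443):
    """Live check of the leaf certificate only (ssl.get_server_certificate returns no chain)."""
    pem = ssl.get_server_certificate((host, port))
    return classify(ssl.PEM_cert_to_DER_certificate(pem))

# --- constructed fixture: a DER encoder just big enough to build Certificate skeletons ---
def tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out.extend(reversed(chunk))
    return bytes(out)

def fake_cert(sig_oid, inner_oid=None):
    """Constructed Certificate skeleton with dummy Name/Validity/SPKI fields; not a usable cert."""
    outer = tlv(0x30, tlv(0x06, encode_oid(sig_oid)) + tlv(0x05, b""))
    inner = tlv(0x30, tlv(0x06, encode_oid(inner_oid or sig_oid)) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02"))       # version v3
                  + tlv(0x02, b"\x07\x03")              # serialNumber 1795, as in the dump above
                  + inner + tlv(0x30, b"") * 4)         # signature, then empty dummy SEQUENCEs
    return tlv(0x30, tbs + outer + tlv(0x03, b"\x00" * 17))

if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        print(oid, "->", classify(fake_cert(oid)))
    print("mismatched fields ->", classify(fake_cert("1.2.840.113549.1.1.11", "1.2.840.113549.1.1.4")))
```

classify_server('www.rapidssl.com') performs the same check live, but only on the leaf certificate; to cover intermediates as well, feed each DER certificate of the chain to classify() and ignore the root, whose self-signature is not what the trust decision rests on.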

posted at: 16:37 | path: /Attacks | tags: 25c3, md5, encryption, broken, ssl
