The problem stems from errors in how software from various manufacturers implements proxy authentication procedures.
Researcher Jerry Decime has disclosed details of a vulnerability that allows an attacker to carry out man-in-the-middle attacks and intercept HTTPS traffic. The problem, called FalseCONNECT, stems from errors in the implementation of proxy authentication procedures in software from various manufacturers, including Apple, Microsoft, Opera and Oracle.
As experts from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University explained, web browsers and applications that send HTTPS requests through proxy servers are vulnerable to man-in-the-middle attacks that exploit HTTP CONNECT requests and proxy server responses. HTTP CONNECT requests are sent over unencrypted HTTP. This means that an attacker able to modify proxy traffic can replace the server's response with a 407 Proxy Authentication Required error message and thus obtain credentials for access to the target device.
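The handling of the CONNECT reply described above, as an added example that is not code from any of the vendors named: a client-side policy that treats the proxy's reply, which arrives before any TLS protection exists, as untrusted. The function names, the `proxy_auth_expected` flag and the scheme allowlist are assumptions chosen for illustration, and the sample reply is constructed.

```python
from dataclasses import dataclass

# Assumption: local policy. Basic sends the password base64-encoded,
# i.e. recoverable by anyone on the path, so it is not answered here.
ALLOWED_SCHEMES = {"digest", "negotiate"}

@dataclass
class Decision:
    action: str            # "tunnel", "auth" or "fail"
    schemes: tuple = ()
    reason: str = ""

def parse_connect_reply(raw: bytes):
    """Return (status, headers) for a proxy's reply to CONNECT."""
    head, _, _body = raw.partition(b"\r\n\r\n")  # body is dropped, never rendered
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1.") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))
    return int(parts[1]), headers

def decide(raw: bytes, proxy_auth_expected: bool) -> Decision:
    """Decide what the client does with an unauthenticated CONNECT reply."""
    try:
        status, headers = parse_connect_reply(raw)
    except ValueError as exc:
        return Decision("fail", reason=str(exc))
    if 200 <= status < 300:
        return Decision("tunnel")
    if status != 407:
        return Decision("fail", reason=f"proxy refused CONNECT ({status})")
    if not proxy_auth_expected:
        return Decision("fail", reason="unexpected 407 from a proxy not configured for auth")
    # Simplification: one challenge per Proxy-Authenticate header line.
    offered = [v.split(None, 1)[0].lower() for n, v in headers
               if n == "proxy-authenticate" and v]
    allowed = tuple(s for s in offered if s in ALLOWED_SCHEMES)
    if not allowed:
        return Decision("fail", reason="no allowed auth scheme offered")
    return Decision("auth", schemes=allowed)

# Constructed sample: a 407 injected in place of the proxy's real reply.
FORGED_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n<html>login</html>')
```

With this policy the forged 407 never produces a credential prompt: it fails outright when no proxy authentication is configured, and fails on the scheme check when it is.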
Apple, Microsoft, Oracle and Opera have already confirmed that the vulnerability is present in their products. Lenovo officials said that the problem does not affect the company's software solutions. Cisco, Google, HP, IBM, Juniper Networks, Mozilla, Nokia, OpenBSD, SAP, Sony and other manufacturers have carried out checks for FalseCONNECT vulnerabilities in their own software. Apple has already fixed the problem in the iOS 9.3.3 and OS X El Capitan 10.11.6 updates.