False CONNECT vulnerability allows MitM-attack and intercept HTTPS-traffic

The problem is caused due to errors in the implementation of proxy authentication procedures used in the software of different manufacturers.

mitm

Researcher Jerry Decime revealed details of the vulnerability allow an attacker to carry out attacks “man in the middle” and intercept HTTPS-traffic. The problem, called FalseCONNECT, is caused due to errors in the implementation of proxy authentication procedures used in the software of different manufacturers, including Apple, Microsoft, Opera and Oracle.

As explained experts from Coordination CERT / CC Center at Carnegie Mellon University, web-browsers and applications sending the HTTPS-requests through proxy servers are vulnerable to attacks “man in the middle”, exploiting HTTP CONNECT requests and proxy server responses. The CONNECT HTTP requests sent over HTTP unencrypted. This means that an attacker with the ability to modify the proxy traffic may replace the server’s response to the error message 407 Proxy Authentication Required and thus obtain credentials to access to the target device.

The presence of vulnerabilities in their products already confirmed Apple, Microsoft, Oracle and Opera. Lenovo officials said that the problem does not affect the company’s software solutions. Cisco, Google, HP, IBM, Juniper Networks, Mozilla, Nokia, OpenBSD, SAP, Sony and other manufacturers have carried out checks for FalseCONNECT vulnerabilities in their own software. Apple has already fixed the problem in iOS 9.3.3 updates and OS X El Capitan 10.11.6.

Posted in Vulnerabilities Tagged with: , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.