Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack.

The vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker could stage a rogue TLS server to intercept that traffic and appear to authenticate the client to what the client thinks is the desired TLS server. The attacker is then able to authenticate to the legitimate TLS server and thus stage a man-in-the-middle attack. However, the attacker would not be able to view the contents of the session and would only be able to inject data or requests into it.

Proof-of-concept code that exploits this vulnerability is publicly available.

OpenSSL has confirmed this vulnerability in a changelog and released updated software.

To exploit this vulnerability, the attacker must be able to intercept traffic from a TLS client to a TLS server. In many cases, this may require the attacker to have access to a network that is adjacent to the targeted user’s system. Another possibility would be for the attacker to have access to a network that is adjacent to a legitimate TLS server.

This vulnerability is likely to affect multiple implementations of TLS.