Thread: Multiple Browsers URL and SSL Certificates Spoofing Vulnerability

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Multiple Browsers URL and SSL Certificates Spoofing Vulnerability

    Another one here! All Internet Browsers are affected except...... IE!!! WOW!!!

    K-OTik Security Advisory : KOTIK/ADV-2005-0112
    CVE Reference : GENERIC-MAP-NOMATCH
    Rated as : Moderate
    Remotely Exploitable : Yes
    Locally Exploitable : Yes
    Release Date : 2005-02-07

    * Technical Description *

    A new vulnerability was reported in several web browsers, which may be exploited by attackers to conduct phishing/spoofing attacks and display fake domain names. The problem resides in the IDN (International Domain Name) implementation and occurs when handling malformed URLs containing specially crafted characters, which may be exploited to spoof SSL certificates and the URL displayed in the address/status bar.

    Example :
    The URL https://www.pаypal.com will display https://www.paypal.com (and points to https://www.xn--pypal-4ve.com)

    * Affected Products *

    Mozilla 1.7.5 and earlier
    Firefox 1.0 and earlier
    Opera version 7.54u2 and earlier
    Safari version 1.2.4 (v125.1) and earlier
    OmniWeb version 5.1 and earlier
    Konqueror version 3.2.2 and earlier

    * Solution *

    K-OTik Security is not aware of any official supplied patch for this issue.

    * References *

    http://www.k-otik.com/english/advisories/2005/0112
    http://www.shmoo.com/idn/homograph.txt

    * Credits *

    Vulnerability reported by Eric Johanson
    Source : http://www.k-otik.com/english/advisories/2005/0112
    -Simon "SDK"
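
A defender-side check for the display/resolution mismatch the advisory describes, as an added example that is not part of the original post or the advisory: it converts a hostname to the ASCII (xn--) form that is actually resolved and flags labels that mix scripts. The function names and the script heuristic (first word of the Unicode character name) are assumptions of this sketch; the sample hostname is the advisory's own.

```python
import unicodedata

def script_of(ch):
    """Rough script guess: first word of the Unicode character name (heuristic)."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def to_ace(host):
    """Hostname as it is resolved: each non-ASCII label becomes xn--<punycode>."""
    return host.encode("idna").decode("ascii")

def to_unicode(host):
    """Hostname as a browser with IDN support would display it."""
    return host.encode("ascii").decode("idna") if host.isascii() else host

def analyze_host(host):
    """Per-label findings; accepts either the displayed or the xn-- form."""
    findings = []
    for label in to_unicode(host).split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        ace = label.encode("idna").decode("ascii")
        findings.append({
            "label": label,
            "ace": ace,
            "is_idn": ace.startswith("xn--"),
            "scripts": sorted(scripts),
            "mixed_script": len(scripts) > 1,
        })
    return findings

def is_suspicious(host):
    """True when any single label mixes scripts (e.g. Latin plus Cyrillic)."""
    return any(f["mixed_script"] for f in analyze_host(host))

if __name__ == "__main__":
    # The advisory's example: the second letter is CYRILLIC SMALL LETTER A (U+0430).
    spoof = "www.p\u0430ypal.com"
    print(to_ace(spoof))
    for finding in analyze_host(spoof):
        print(finding)
    print("suspicious:", is_suspicious(spoof))
```

A label written entirely in one non-Latin script is not flagged by this mixed-script test, so showing or logging the xn-- form remains the more general check.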

  2. #2
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    This hit eITplanet finally. What I find particularly ironic, if you read between the lines and realize what they are saying, is that IE is not vulnerable to this because Microsoft has not yet brought IE up to current standards insofar as Unicode handling (for international use). So because they don't fully support standards used elsewhere, they aren't vulnerable.
    Almost every recent browser (Firefox, Mozilla, Safari, Opera) except for Microsoft's Internet Explorer currently implements IDN and Unicode/UTF8 domain name resolution.
    Isn't that like saying "Windows Server is not vulnerable to SSH2 vulnerabilities because it only supports Telnet without third party software"?!?
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    True enough, but I think m$ lucked out on this, because this will be the one thing that everybody hears about and because IE isn't vulnerable, even though we all know it's because they're slow, M$ will be thought to be the "best" because they don't fall prey to this. What sucks is that all of the people who don't know about this may fall prey because 1. they don't read URLs from links unless they've learned from experience 2. they learned from knowledgeable people to trust things like Firefox and if they don't hear about this, they'll still not know any better and be subject to the proprietors of this problem. For once it makes us procrastinators look good...
    --BigDick


    "When in Rome, eat Rome!" -Godzilla
