The OpenNET Project
Insufficient Verification of Client Certificates in IIS 5.0 pre sp3


Date: Mon, 19 Aug 2002 16:40:41 +0200
From: Johan Persson <orm@sentor.se>
To: bugtraq@securityfocus.com
Subject: Insufficient Verification of Client Certificates in IIS 5.0 pre sp3

-----------------------------------------------------------------------------------

  Sentor Torparfar Advisory #001

 Title: Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
 Date: August 16, 2002
 Author: Johan Persson <johan.person@sentor.se>

-----------------------------------------------------------------------------------

Summary:

 When an SSL connection is set up between IIS 5.0 pre sp3 and a client
 the server verifies that the client certificate is ultimately
 issued by a trusted root authority (as defined by CTL) and
 that none of the certificates in the chain have expired.

 There are several checks that are not being done.
 In particular there is no verification of basic constraints.

 Since all subsequent validity checks (client certificate mapping,
 ASP methods etc) only deal with the subfields (O, OU, CN, etc) of
 the subject and/or issuer it is trivial to spoof your identity.


Details:

 Vulnerable systems:
  Windows 2000, IIS 5.0 pre sp3

 Not Vulnerable:
  Windows 2000, IIS 5.0 sp3

  I have no idea if there are similar vulnerabilities in
  any of the other versions of IIS, as I haven't checked.

 Description:
  The validity of a client certificate chain is not properly
  checked on the server side in a SSL connection involving an
  IIS 5.0 pre-sp3 server. In particular there is no verification of basic
  constraints. Since client certificate mapping as well as other
  methods of authentication using certificates relies on the
  information contained in the subfields of the subject (client)
  and issuer it is possible to create false credentials that
  can be used to impersonate any valid user.

Impact:
 In a system that relies on client side certificates for authentication
 it is possible to impersonate any user whose public details (certificate
 subfields) are known.


Exploit:
 1. Get a (any) valid certificate which is ultimately issued by a root
    authority trusted by the target server.

 2. Create a certificate request containing whatever fields you need to
    impersonate the issuer you want to spoof.

 3. Sign this request using the private key corresponding to your valid
    certificate.

 4. Create a certificate request containing whatever fields you need to
    impersonate the subject you want to spoof.

 5. Sign this request using the private key that corresponds to the certificate
    you created in step 3.

 I will not release detailed exploit information. Openssl and some
 experimenting should suffice.
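 The check the advisory says is missing, shown from the validating side. This is an
 added example, not code from the advisory or from Microsoft: it uses Go's standard
 crypto/x509 verifier, which (unlike IIS 5.0 pre-sp3 as described above) refuses to
 accept a signature from any certificate whose basicConstraints do not assert CA:TRUE
 or whose keyUsage lacks keyCertSign. It builds an honest chain and then a chain shaped
 like steps 1 to 5 above, and confirms that full path validation rejects the second one
 while a subfield-only comparison of the subject would not. All certificate names
 ("Trusted Root CA", "Administrator", "attacker", "Corporate Issuing CA") and the
 function names are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Scenario holds the constructed certificates; every name in it is made up for this example.
type Scenario struct {
	Root         *x509.Certificate // trusted root, the one the server's CTL would point at
	LegitUser    *x509.Certificate // CN=Administrator, honestly issued by Root
	AttackerLeaf *x509.Certificate // CN=attacker, an ordinary end-entity certificate from Root
	ForgedIssuer *x509.Certificate // CN=Corporate Issuing CA, signed with AttackerLeaf's key
	ForgedUser   *x509.Certificate // CN=Administrator, signed with ForgedIssuer's key
}
var serial int64 // serial-number counter for the certificates issued below

// newTemplate builds a v3 template that always carries basicConstraints (CA:TRUE only when isCA).
func newTemplate(cn string, isCA bool) *x509.Certificate {
	serial++
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	if !isCA { // end-entity: may sign data, not certificates; usable for client auth
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue generates a P-256 key for template and signs it with parentKey under parent (nil parent: self-signed).
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// CanSignCertificates is the omitted check stated on its own: a certificate may verify other
// certificates only if basicConstraints asserts CA:TRUE and keyUsage, when present, includes keyCertSign.
func CanSignCertificates(c *x509.Certificate) bool {
	return c.BasicConstraintsValid && c.IsCA && (c.KeyUsage == 0 || c.KeyUsage&x509.KeyUsageCertSign != 0)
}

// VerifyClientCert runs full path validation: trusted root, validity period, and CA/keyUsage on every signer.
func VerifyClientCert(leaf *x509.Certificate, intermediates []*x509.Certificate, root *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// BuildScenario issues an honest chain, then a chain in which an ordinary certificate's key signs a would-be CA.
func BuildScenario() (*Scenario, error) {
	var firstErr error
	mk := func(cn string, isCA bool, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
		c, k, err := issue(newTemplate(cn, isCA), parent, pk)
		if err != nil && firstErr == nil {
			firstErr = err
		}
		return c, k
	}
	root, rootKey := mk("Trusted Root CA", true, nil, nil)
	legit, _ := mk("Administrator", false, root, rootKey)
	attacker, attackerKey := mk("attacker", false, root, rootKey)                           // step 1
	forgedIssuer, forgedIssuerKey := mk("Corporate Issuing CA", true, attacker, attackerKey) // steps 2-3
	forgedUser, _ := mk("Administrator", false, forgedIssuer, forgedIssuerKey)               // steps 4-5
	if firstErr != nil {
		return nil, firstErr
	}
	return &Scenario{Root: root, LegitUser: legit, AttackerLeaf: attacker, ForgedIssuer: forgedIssuer, ForgedUser: forgedUser}, nil
}

func main() {
	s, err := BuildScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("honest chain:", VerifyClientCert(s.LegitUser, nil, s.Root))
	fmt.Println("forged chain:", VerifyClientCert(s.ForgedUser, []*x509.Certificate{s.AttackerLeaf, s.ForgedIssuer}, s.Root))
}
```

 The honest chain verifies with a nil error; the forged chain fails at the link between
 "Corporate Issuing CA" and "attacker", because the attacker's end-entity certificate
 carries basicConstraints CA:FALSE and no keyCertSign. Both end-entity certificates
 present the same subject CN, which is exactly why a server that compares only subject
 and issuer subfields after checking the root and the dates cannot tell them apart.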


Vendor Status:
 Microsoft contacted June 24, 2002
 Microsoft provided me with a hotfix July 18, 2002
 The fix is included in Service Pack 3

Solution:
 Get and install Service Pack 3 from Microsoft



   0nd/Ag3nt0nd/0rm/Torparfar
---------------------------------------------------------------------------------------
