SSL Renegotiation Vulnerability: Journey from Theory to Practice to Prevalence
The SSL renegotiation vulnerability disclosure created mood swings in the security community over the last month. Immediately after the disclosure, the security community was split in opinion about its severity and relevance.
All that changed a fortnight later, when a real-life exploit targeting the Twitter site was demonstrated using this vulnerability, and it all started looking REAL! After all, it was a vulnerability of great relevance and severity.
The final question now is how prevalent this vulnerability is. To this effect, SSLLabs has actually created an online tool where you can enter an HTTPS URL to learn whether that URL is vulnerable to the SSL renegotiation vulnerability. In fact, you will notice that many critical HTTPS sites are vulnerable, though a few have already patched it up.
If any doubt is now left before calling it prevalent, it is about the prevalence of man-in-the-middle (MITM) attacks. The flaw requires the presence of a MITM between the client and the SSL server. How easy is it for an attacker to be the MITM? This is where WiFi comes into the picture. In fact, it is very easy to be the MITM on a WiFi connection using honeypot (evil twin) access points or ARP poisoning through rogue access points.
Overall, it is appropriate to conclude that the vulnerability is severe and prevalent. Fortunately, the fix is available through a patch, though it will take some time before all websites apply it. Until then, we keep our fingers crossed!
