Hi,
After some debate with Microsoft, they have directed me to the following text
( http://www.ietf.org/rfc/rfc2246.txt?number=2246 ):
"Note: An attack discovered by Daniel Bleichenbacher [BLEI] can be used to
attack a TLS server which is using PKCS#1 encoded RSA. The attack takes
advantage of the fact that by failing in different ways, a TLS server can be
coerced into revealing whether a particular message, when decrypted, is properly
PKCS#1 formatted or not.
The best way to avoid vulnerability to this attack is to treat incorrectly
formatted messages in a manner indistinguishable from correctly formatted RSA
blocks. Thus, when it receives an incorrectly formatted RSA block, a server
should generate a random 48-byte value and proceed using it as the premaster
secret. Thus, the server will act identically whether the received RSA block is
correctly encoded or not."
Therefore IIS will received the bogus key created for OpenSSL and will reply to
it even though its incorrect in its size. Therefore it will create a false
positive.
I have created a patch for this that will hopefully redeem this vulnerability.
The patch also creates a sub function whereby changing the debug = 0 to debug =
1 you can process the results you receive.
Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
After some debate with Microsoft, they have directed me to the following text
( http://www.ietf.org/rfc/rfc2246.txt?number=2246 ):
"Note: An attack discovered by Daniel Bleichenbacher [BLEI] can be used to
attack a TLS server which is using PKCS#1 encoded RSA. The attack takes
advantage of the fact that by failing in different ways, a TLS server can be
coerced into revealing whether a particular message, when decrypted, is properly
PKCS#1 formatted or not.
The best way to avoid vulnerability to this attack is to treat incorrectly
formatted messages in a manner indistinguishable from correctly formatted RSA
blocks. Thus, when it receives an incorrectly formatted RSA block, a server
should generate a random 48-byte value and proceed using it as the premaster
secret. Thus, the server will act identically whether the received RSA block is
correctly encoded or not."
Therefore IIS will received the bogus key created for OpenSSL and will reply to
it even though its incorrect in its size. Therefore it will create a false
positive.
I have created a patch for this that will hopefully redeem this vulnerability.
The patch also creates a sub function whereby changing the debug = 0 to debug =
1 you can process the results you receive.
Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com