-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-2000-10 Inconsistent Warning Messages in Internet Explorer Original release date: June 6, 2000 Last Revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected * Systems running Microsoft Internet Explorer Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT Advisory CA-2000-08, but they have a similar impact. I. Description Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One very common use of digital certificates is to secure electronic commerce transactions through SSL (Secure Socket Layer). The kind of certificates used in e-commerce transactions are called X.509 certificates. The X.509 certificates help a web browser and the user ensure that sensitive information transmitted over the Internet is readable only by the intended recipient. This requires verifying the recipient's identity and encrypting data so that only the recipient can decrypt it. The "padlock" icon used by Internet Explorer (as well as Netscape and other browsers) is an indication that an SSL-secured transaction has been established to someone. It does not necessarily indicate to whom the connection has been established. Internet Explorer (and other browsers) take steps to warn users when DNS-based information conflicts with the strongly authenticated information contained in the X.509 certificates used in SSL transactions. These warnings are supplemental information to help users decide if they're connecting to whom they think they are connecting. These steps and warnings are designed to protect against attacks on the DNS information. Descriptions of the problems provided by Microsoft are shown below. IE fails to validate certificates in images or frames When a connection to a secure server is made via either an image or a frame, IE only verifies that the server's SSL certificate was issued by a trusted root - it does not verify the server name or the expiration date. When a connection is made via any other means, all expected validation is performed. IE fails to revalidate certificates within the same session Even if the initial validation is made correctly, IE does not re-validate the certificate if a new SSL session is establish with the same server during the same IE session. We encourage you to read Microsoft Security Bulletin MS-039 for additional details provided by Microsoft. This document is available at http://www.microsoft.com/technet/security/bulletin/ms00-039.asp II. Impact Attackers can trick users into disclosing information (such as credit card numbers, personal data, or other sensitive information) intended for a legitimate web site. III. Solution General Recommendations When Using SSL DNS information is fundamentally insecure, and there are a variety of means by which an attacker can provide false or misleading DNS information, even in the absence of any vulnerabilities in a DNS server. Browsers attempt to compensate for this insecurity by providing warning messages when the strongly authenticated certificate information does not match the DNS information. While we strongly recommend that you stay up to date with respect to patches and workarounds provided by your browser vendor, we also encourage you to take the following steps, particularly for sensitive transactions. Check Certificates The CERT/CC recommends that prior to providing any sensitive information over SSL, you check the name recorded in the certificate to be sure that it matches the name of the site to which you think you are connecting. For example, in Internet Explorer 5 (for Windows), double click on the "padlock" icon to engage the "Certificate" dialog box. Click on the "Details" tab to see information about the certificate, including the thumbprint. Click on the "Certification Path" tab for information about the certificate authority that signed the certificate. If you do not trust the certificate authority or if the name of the server does not match the site to which you think you're connecting, be suspicious. Validate Certificates Independently Web browsers come configured to trust a variety of certificate authorities. If you delete the certificates of all the certificate authorities in your browser, then whenever you encounter a new SSL certificate, you will be prompted to validate the certificate yourself. You can do this by validating the fingerprint on the certificate through an alternate means, such as the telephone. That is, the same dialog box mentioned above also lists a fingerprint for the certificate. If you wish to validate the certificate yourself, call the organization for which the certificate was issued and ask them to confirm the fingerprint on the certificate. Deleting the certificates of the certificate authorities in your browser will cause the browser to prompt you for validation whenever you encounter a new site certificate. This may be inconvenient and cumbersome, but it provides you with greater control over which certificates you accept. It is also important to note that this sort of verification is only effective if you have an independent means through which to validate the certificate. This sort of validation is called out-of-band validation. For example, calling a phone number provided on the same web page as the certificate does not provide any additional security. The CERT/CC encourages all organizations engaging in electronic commerce to train help desk or customer support personnel to answer questions about certificate fingerprints/thumbprints. Note: Microsoft Internet Explorer 5, Macintosh Edition, does not provide any means by which users can validate certificates by checking the fingerprint/thumbprint. Our conversations with Microsoft indicate that the Macintosh version of Internet Explorer is not affected by these specific problems, however, because of the fundamentally insecure nature of DNS, we recommend using a browser that does allow users to validate certificates on whatever platform they use, including MacOS Specific Defenses Against These problems Stay up to date with patches, workarounds, and certificate management products. Appendix A lists information regarding these problems. Appendix A Vendor Information Microsoft Corporation Information from Microsoft is available at http://www.microsoft.com/technet/security/bulletin/ms00-039.asp _________________________________________________________________ The CERT Coordination Center thanks the ACROS Security Team of Slovenia, who originally discovered this problem, and Ric Ford, President of MacInTouch, Inc. _________________________________________________________________ Shawn Hernan was the primary author of this document. ______________________________________________________________________ This document is available from: http://www.cert.org/advisories/CA-2000-10.html ______________________________________________________________________ CERT/CC Contact Information Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A. CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. Using encryption We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key If you prefer to use DES, please call the CERT hotline for more information. Getting security information CERT publications and other security information are available from our web site http://www.cert.org/ To be added to our mailing list for advisories and bulletins, send email to cert-advisory-request@cert.org and include SUBSCRIBE your-email-address in the subject of your message. * "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office. ______________________________________________________________________ NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. _________________________________________________________________ Conditions for use, disclaimers, and sponsorship information Copyright 2000 Carnegie Mellon University. Revision History June 6, 2000: initial release -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBOT0FD1r9kb5qlZHQEQJsVACdEBzlJ7cgHNWerGK6Ix9MQxh2Y9EAoJC4 PSqEO0xNEc0rRFmnQs0L8lSi =LUcH -----END PGP SIGNATURE-----