SecurityTracker.com

SecurityTracker
Archives
Category:  Application (Security) > RSA BSAFE SSL-J
Vendors:  RSA
RSA's BSAFE SSL-J Secure Sockets Layer Java Toolkit Has Session Caching Bug That May Allow Remote Users to Masquerade as Other Valid SSL Clients
SecurityTracker Alert ID:  1002409
SecurityTracker URL:  http://securitytracker.com/id/1002409
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 12 2001
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): RSA BSAFE SSL-J 3.x (3.0, 3.0.1 or 3.1)
Description:   RSA reports that their BSAFE SSL-J toolkit contains an SSL session ID caching flaw that could allow a remote user to masquerade as a valid authenticated client with another user's identity.

The flaw is only triggered when server-side SSL is used in client authentication mode.

Part of the SSL protocol allows SSL sessions to be cached and reused across subsequent connections by the same user. This is done by assigning each session an SSL session ID. When a client presents a session ID that the server still holds in its cache, an abbreviated handshake is performed instead of a full one.

It is reported that RSA BSAFE SSL-J maintains a cache of session IDs that were previously established by client applications. If a client presents a valid session ID, the client certificate authentication process is skipped, because the client is assumed to have already been authenticated when the session was first established. However, when an SSL handshake error occurs and a client does not successfully authenticate, it is reported that the RSA toolkit may store the session ID in the cache instead of discarding it. This could allow a remote user who is not authenticated to masquerade as another, previously authenticated user.
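The following is an added illustration, not code from RSA or from the SSL-J toolkit: a small Python model of a server-side session cache used with client authentication. The class names, the `cache_on_handshake_error` switch and the identities "alice" and "bob" are all constructed for the example. It shows the invariant the bulletin is about: a cache entry may only be created once the full handshake, including client certificate verification, has completed, because the resumption path trusts the cache and performs no certificate check of its own.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
import secrets


@dataclass
class ClientHello:
    """What the server sees from a client (constructed model, not the SSL-J API)."""
    claimed_identity: str = ""           # subject of the client certificate, if one is presented
    cert_proof_valid: bool = False       # assumed result of chain validation + CertificateVerify
    session_id: Optional[bytes] = None   # None => client requests a full handshake


@dataclass
class ServerSessionCache:
    """Server-side session cache; the switch reproduces the defect described above."""
    cache_on_handshake_error: bool
    sessions: Dict[bytes, str] = field(default_factory=dict)  # session ID -> authenticated identity

    def handshake(self, hello: ClientHello) -> Tuple[Optional[str], bytes]:
        """Run one handshake; return (authenticated identity or None, session ID)."""
        # Resumption path: a known session ID skips client certificate authentication,
        # because the cached entry is trusted to have come from a completed handshake.
        if hello.session_id is not None and hello.session_id in self.sessions:
            return self.sessions[hello.session_id], hello.session_id

        # Full handshake: the client certificate must be verified before any trust is granted.
        session_id = secrets.token_bytes(32)
        if hello.cert_proof_valid:
            self.sessions[session_id] = hello.claimed_identity   # correct place to cache
            return hello.claimed_identity, session_id

        # Handshake error: the client did not prove possession of the certificate's key.
        if self.cache_on_handshake_error:
            # The defect: the half-built session is stored instead of discarded, so the
            # unverified claimed identity becomes resumable without a certificate check.
            self.sessions[session_id] = hello.claimed_identity
        return None, session_id


def resumption_after_failed_auth(cache_on_handshake_error: bool) -> Optional[str]:
    """Fail client authentication once, then try to resume the same session ID."""
    server = ServerSessionCache(cache_on_handshake_error)
    identity, sid = server.handshake(ClientHello("alice", cert_proof_valid=False))
    assert identity is None   # the first handshake is rejected in both modes
    # Second connection presents only the session ID; no certificate is sent or checked.
    identity, _ = server.handshake(ClientHello(session_id=sid))
    return identity           # "alice" with the defect, None once it is fixed


def legitimate_resumption(cache_on_handshake_error: bool) -> Optional[str]:
    """A client that completed authentication may resume without re-presenting its certificate."""
    server = ServerSessionCache(cache_on_handshake_error)
    _, sid = server.handshake(ClientHello("bob", cert_proof_valid=True))
    identity, _ = server.handshake(ClientHello(session_id=sid))
    return identity           # "bob" in both modes


if __name__ == "__main__":
    print("defective cache, resume after failed auth:", resumption_after_failed_auth(True))
    print("fixed cache, resume after failed auth:   ", resumption_after_failed_auth(False))
    print("fixed cache, legitimate resumption:      ", legitimate_resumption(False))
```

The fix is not a change to the resumption path but to when the cache is written: the entry is created only on the success branch of the full handshake, and every error path leaves the cache untouched. When reviewing a TLS stack or a session store of your own, that is the check to make: find every place a session is inserted into the cache and confirm each one is reachable only after peer authentication has completed.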

Impact:   A remote user without valid client certificate credentials may be able to masquerade as a different authenticated user.
Solution:   The vendor has released a patch. See the Vendor URL to read the full advisory and obtain the patch.
Vendor URL:  www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
Cause:   Authentication error
Underlying OS:  Java

Message History:   None.


Source Message Contents

Subject:  Security Patch Released for RSA BSAFE SSL-J 3.x


From:
www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html

RSA Security Bulletin

Security Patch Released for RSA BSAFE SSL-J 3.x

The problem affects server-side SSL in client authentication mode only when using RSA BSAFE SSL-J versions 3.0, 3.0.1 or 3.1. The problem does not affect clients. The problem does not impact servers that do not use client authentication.

The SSL protocol provides for caching of SSL sessions between subsequent connections by the same user. Due to a bug in the SSL session caching feature implemented in RSA BSAFE SSL-J versions 3.x, unauthorized clients may be able to impersonate authorized clients, thus potentially gaining access to data intended only for authorized users. The vulnerability does not give the attacker super-user or "root" privileges on the server.
Copyright 2019, SecurityGlobal.net LLC