Exploit the possiblities
Showing 1 - 3 of 3 RSS Feed

Files from Adam Langley

Email addressagl at google.com
First Active2011-11-30
Last Active2015-07-27
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
Posted Jul 27, 2015
Authored by Ramon de C Valle, Adam Langley, David Benjamin | Site metasploit.com

This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, crypto
advisories | CVE-2015-1793
MD5 | 244abcb9001d9746e6846f9785dab572
FreeBSD Security Advisory - OpenSSL Certificate Forgery
Posted Jul 10, 2015
Authored by Adam Langley, David Benjamin | Site security.freebsd.org

FreeBSD Security Advisory - During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails, unless the application explicitly specifies X509_V_FLAG_NO_ALT_CHAINS. An error in the implementation of this logic could erroneously mark certificate as trusted when they should not. An attacker could cause certain checks on untrusted certificates, such as the CA (certificate authority) flag, to be bypassed, which would enable them to use a valid leaf certificate to act as a CA and issue an invalid certificate.

tags | advisory
systems | freebsd
advisories | CVE-2015-1793
MD5 | 26ed640fe93813ad02963f1321eb4af2
Certificate Authority Transparency And Auditability
Posted Nov 30, 2011
Authored by Ben Laurie, Adam Langley

Whitepaper called Certificate Authority Transparency and Auditability. The goal of this paper is to make it impossible (or at least very difficult) for a Certificate Authority (CA) to issue a certificate for a domain without the knowledge of the owner of that domain. A secondary goal is to protect users as much as possible from mis-issued certificates.

tags | paper
MD5 | 54fcec76ea2b7e798ca5b28954acfffc
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close