nonce-disrespect / Nonce Disrespect
Licence: cc0-1.0
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
Stars: ✭ 103
Projects that are alternatives of or similar to Nonce Disrespect
dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (+37.86%)
Mutual labels: tls, attack, vulnerability
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (+300.97%)
Mutual labels: vulnerability, attack
TIGER
Python toolbox to evaluate graph vulnerability and robustness (CIKM 2021)
Stars: ✭ 103 (+0%)
Mutual labels: attack, vulnerability
Singularity
A DNS rebinding attack framework.
Stars: ✭ 621 (+502.91%)
Mutual labels: vulnerability, attack
Ssrfmap
Automatic SSRF fuzzer and exploitation tool
Stars: ✭ 1,344 (+1204.85%)
Mutual labels: vulnerability
Deautherdroid
Additional android app for SpaceHunn's ESP8266 DeAuther.
Stars: ✭ 93 (-9.71%)
Mutual labels: attack
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+1177.67%)
Mutual labels: vulnerability
Php Hyper Builtin Server
Reverse proxy for PHP built-in server which supports multiprocessing and TLS/SSL encryption
Stars: ✭ 93 (-9.71%)
Mutual labels: tls
Wifi Spam
✉️📡 Spam thousands of WiFi access points with custom SSIDs
Stars: ✭ 92 (-10.68%)
Mutual labels: attack
Tls Inspector
Easily view and inspect X.509 certificates on your iOS device.
Stars: ✭ 92 (-10.68%)
Mutual labels: tls
Minimalftp
A lightweight, simple FTP server. Pure Java, no dependencies.
Stars: ✭ 94 (-8.74%)
Mutual labels: tls
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (-8.74%)
Mutual labels: tls
Nonce-Disrespecting Adversaries
We provide supplemental material to our research on AES-GCM nonce reuse vulnerabilities in TLS.
Research paper
- Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS (camera-ready version / Usenix WOOT16)
- Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS (preprint version / IACR ePrint)
Online check
Background
Abstract:
We investigate nonce reuse issues with the GCM block cipher mode as
used in TLS and focus in particular on AES-GCM, the most widely
deployed variant. With an Internet-wide scan we identified 184 HTTPS
servers repeating nonces, which fully breaks the authenticity of the
connections. Affected servers include large corporations, financial
institutions, and a credit card company. We present a proof of
concept of our attack allowing to violate the authenticity of affected
HTTPS connections which in turn can be utilized to inject seemingly
valid content into encrypted sessions. Furthermore, we discovered
over 70,000 HTTPS servers using random nonces, which puts them at risk
of nonce reuse, in the unlikely case that large amounts of data are
sent via the same session.
This repository provides supplemental code and information.
Code
- getnonce - scan tool and OpenSSL patch used for our Internet-wide scan.
- gcmproxy - attack implemented in Go.
- tool - helper tools used by attack code.
- paper - LaTeX source-code for IACR ePrint and WOOT16 camera-ready versions.
- slides - presentation slides for Black Hat USA 2016 and WOOT16.
License
All our code is published as CC0 1.0 / Public Domain.
Data
Advisories
Security advisories from affected vendors:
- Security Bulletin: Vulnerability in IBM Domino Web Server TLS AES GCM Nonce Generation (CVE-2016-0270)
- Radware / SA18456: Security Advisory Explicit Initialization Vector for AES-GCM Cipher (CVE-2016-10212)
- A10: CVE-2016-0270 GCM nonce vulnerability (fixed in 2.7.2-p8) (CVE-2016-10213, vendor references wrong CVE)
- CTX220329: Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway GCM nonce generation (CVE-2017-5933)
Media / Blogs
- Golem: TLS/GCM - Gefahr durch doppelte Nonces
- Ars Technica: “Forbidden attack” makes dozens of HTTPS Visa sites vulnerable to tampering
- Veracode: Crypto Fun at Black Hat 2016
- David Wong: Breaking https' AES-GCM (or a part of it)
Misc
- TLS Symmetric Crypto (Blogpost by Adam Langley with the initial idea for this research)
- Authentication Failures in NIST version of GCM (Antoine Joux, source for Forbidden Attack against GCM)
- Youtube video showing XSS injection on visa.dk
- Black Hat USA 2016 talk announcement
- Usenix WOOT '16 talk announcement
- Slides from talk at BerlinSec Meetup
- Errata on RFC5288 (AES GCM Cipher-suites in TLS)
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].