CVE-2014-0224 PoC — OpenSSL Cryptographic Issue Vulnerability

Associated Vulnerability
Title: OpenSSL Cryptographic Issue Vulnerability (CVE-2014-0224)
Description: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Readme
OpenSSL CVE-2014-0224 MITM exploit demo.

Author : @bluerust
Blog   : http://hi.baidu.com/bluerust/item/bf2ab031bbadcf09cfb9fe41
Ver    : 1.1
Desc   :
Works only against OpenSSL 1.0.1*; tested only with the RC4-SHA cipher.
 a. server
  openssl s_server -debug -accept 443 -cert server.crt -certform PEM -key server.key -cipher RC4-SHA
  Generating the certificate is not covered here.
 b. client
  openssl s_client -connect 127.0.0.1:9999 -debug -cipher RC4-SHA
 c. mitm proxy
  go run proxy_all.go -host=127.0.0.1 -port 443 -listen_port=9999

--------------------------
 References:
 [1] Early ChangeCipherSpec Attack (05 Jun 2014)
 https://www.imperialviolet.org/2014/06/05/earlyccs.html
 [2] SSL/TLS MITM vulnerability (CVE-2014-0224)
 http://www.openssl.org/news/secadv_20140605.txt
 [3] How I discovered CCS Injection Vulnerability (CVE-2014-0224)
 http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
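
The affected ranges in the description above reduce to a version comparison with one awkward edge: the patch letters run past "z", so 0.9.8z sorts before 0.9.8za. The following is an added example, not part of the PoC repository or its README, that checks an `openssl version` banner against those ranges. The function names and sample banners are constructed for illustration, and a distribution package that backports the fix without changing its version string will still be reported as in range.

```python
import re

# First fixed release per branch, taken from the CVE description on this page.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, patch), letters) from a version string or banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def _letter_key(letters):
    # Patch letters sort '' < a < ... < z < za < zb, so compare length first.
    return (len(letters), letters)


def in_affected_range(text):
    """True if the version falls in a range the CVE-2014-0224 description lists."""
    base, letters = parse_openssl_version(text)
    if base < (0, 9, 8):
        return True  # "before 0.9.8za" covers every older branch
    fixed = FIXED.get(base)
    if fixed is None:
        return False  # branch not named in the description (e.g. 1.0.2)
    return _letter_key(letters) < _letter_key(fixed)


# Constructed sample banners in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 0.9.8z",
    "OpenSSL 0.9.8za",
    "OpenSSL 1.0.0l",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.1h 5 Jun 2014",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        verdict = "in affected range" if in_affected_range(banner) else "not in listed range"
        print(f"{banner:35s} {verdict}")
```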
