1. Vulnerability report
![](https://img.haomeiwen.com/i961426/99e93e0203620c51.png)
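2. Vulnerability overview
CRIME (CVE-2012-4929), short for Compression Ratio Info-leak Made Easy, is a security weakness caused by SSL compression. It can be used to steal private web cookies transmitted over HTTPS or SPDY when data compression is enabled. After successfully reading the authentication cookie, an attacker can hijack the session and launch further attacks.
3. Impact
Web cookies can be stolen and used for further attacks.
4. Detection
In the TLS Compression section of the sslscan output, "Compression enabled" shows that compression is turned on, so the server is vulnerable to CRIME.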
```
root@kali:~# sslscan 192.168.56.129:9443
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)
Connected to 192.168.56.129
Testing SSL server 192.168.56.129 on port 9443 using SNI name 192.168.56.129
TLS Fallback SCSV:
Server only supports TLSv1.0
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression enabled (CRIME)
Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 56 bits DES-CBC-SHA
Preferred SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 112 bits DES-CBC3-SHA
Accepted SSLv3 56 bits DES-CBC-SHA
Preferred SSLv2 128 bits RC2-CBC-MD5
Accepted SSLv2 128 bits RC4-MD5
Accepted SSLv2 112 bits DES-CBC3-MD5
Accepted SSLv2 56 bits DES-CBC-MD5
Accepted SSLv2 40 bits EXP-RC2-CBC-MD5
Accepted SSLv2 40 bits EXP-RC4-MD5
SSL Certificate:
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength: 1024
Subject: bee-box.bwapp.local
Issuer: bee-box.bwapp.local
Not valid before: Apr 14 18:11:32 2013 GMT
Not valid after: Apr 13 18:11:32 2018 GMT
```
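To run the same check across many saved scans and to re-verify after the fix, the sslscan text output can be parsed rather than read by eye. The following is an added example, not part of the original post: the function names and the abridged sample scans are constructed, and the "Compression disabled" wording for the fixed case is assumed from sslscan's usual output, since the page only shows the enabled case.

```python
import re

# Constructed sample: abridged sslscan text output in the layout shown above.
SAMPLE_VULNERABLE = """\
Testing SSL server 192.168.56.129 on port 9443 using SNI name 192.168.56.129
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
\x1b[31mCompression enabled (CRIME)\x1b[0m
Heartbleed:
TLS 1.0 not vulnerable to heartbleed
"""
# Constructed: the same scan after compression has been turned off.
SAMPLE_FIXED = SAMPLE_VULNERABLE.replace("enabled (CRIME)", "disabled")

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # sslscan colours findings by default
TARGET = re.compile(r"Testing SSL server (\S+) on port (\d+)")

def parse_sslscan(text):
    """Split one or more concatenated scans into {(host, port): {section: [lines]}}."""
    scans, sections, current = {}, None, None
    for raw in text.splitlines():
        line = ANSI.sub("", raw).strip()
        match = TARGET.match(line)
        if match:  # a new target starts; reset section state
            sections = scans.setdefault((match.group(1), int(match.group(2))), {})
            current = None
        elif sections is None or not line:
            continue  # version banner before the first target, or a blank line
        elif line.endswith(":"):  # section header such as "TLS Compression:"
            current = sections.setdefault(line[:-1], [])
        elif current is not None:
            current.append(line)
    return scans

def compression_status(sections):
    """Return 'enabled', 'disabled' or 'unknown' for one target's sections."""
    for line in sections.get("TLS Compression", []):
        if "compression enabled" in line.lower():
            return "enabled"
        if "compression disabled" in line.lower():
            return "disabled"
    return "unknown"  # section missing or unrecognised wording: do not assume safe

def crime_findings(text):
    # Map every scanned (host, port) to its TLS compression status.
    return {t: compression_status(s) for t, s in parse_sslscan(text).items()}

if __name__ == "__main__":
    print(crime_findings(SAMPLE_VULNERABLE), crime_findings(SAMPLE_FIXED))
```

A result of "unknown" means the scan was truncated or the scanner could not test compression, so that target should be rescanned rather than treated as fixed.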
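5. Remediation
- Disable the compression feature. (lighttpd server) First disable
- Disable the SPDY service. The Google Chrome extension "HTTP/2 and SPDY indicator" can be used to check whether a site uses SPDY.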