New TLS 1.3 protocol vulnerability, thousands of websites face data leakage risks

For secure encrypted communications, the importance of Transport Layer Security Protocol (SSL/TLS) is self-evident. Today’s TLS protocol is not only used for transport layer communication, but also as a standard encryption protection protocol widely used in the fields of FTP, email and VPN, and always protect the security of our network communication.

A new crypto attack was revealed last week that could break encrypted TLS traffic, allowing attackers to intercept and steal data that was previously considered safe and reliable. The two disclosed new TLS protocol vulnerabilities, named “Zombie POODLE” and “GOLDENDOODLE”, use Zombie POODLE to recover POODLE attacks in the Citrix load balancer, while GOLDENDOODLE is a similar attack, but with more power and faster encryption hacking performance.

Among Alexa’s top 1 million websites, about 2,000 websites are vulnerable to Zombie POODLE attacks, about 1,000 websites are vulnerable to GOLDENDOODLE attacks, and hundreds of websites are still vulnerable to old vulnerabilities, POODLE attack that was exposed five years ago.

According to nccgroup, there are two ways exist to attack TLS 1.3. In each attack, the server needs to support an older version of the protocol as well.

1. The first technique relies on the fact that the current server’s public key is an RSA public key, used to sign its ephemeral keys during the handshake, and that the older version of TLS that the server supports re-use the same keys.
2. The second one relies on the fact that both peers support an older version of TLS with a cipher suite supporting an RSA key exchange.

How does attacker can conduct this attack?

Image: nccgroup

1. The HTTPS server uses the CBC cipher suite.

2. Create a MITM between the attacked client and the attacked server, such as establishing a malicious WiFi hotspot or hijacking an intermediate network device such as a router.

3. The attacker injects malicious JavaScript into the victim’s browser by embedding code on a non-encrypted website accessed by the user.

4. The malicious script constructs a specific HTTPS request to encrypt the website, and combines the middleman bypass to listen to the encrypted data. After multiple requests, the cookie and the certificate in the encrypted data can be obtained.

For more information, check out the official NCC Group blog.