Date: Fri, 21 May 1999 14:39:00 GMT
From: ccowley@grok.co.uk (Chris Cowley)
Subject: Vulnerability in Windows SSL server and common browsers

Some time ago, I downloaded a trial version of an SSL web server product for Windows NT called 'Alibaba 2.0' for evaluation as a possible SSL solution. I eventually made a decision to use another product, but I ended up using an RSA key pair generated by Alibaba's 'genkey' utility (which is based on the popular SSLeay toolkit).

Whilst recently examining the keys generated by 'genkey' using tools shipped as part of the SSLeay distribution, I discovered what I believe to be a serious flaw:-

The 'genkey' utility erroneously generates a private key with an exponent of '1'. This results in null security since the RSA public key associated with a private exponent of '1' is also '1', with the effect that the session key for each SSL session to a server running 'Alibaba' is sent in the clear.

The result of this vulnerability is that 'secure' web sites that use keys generated by the 'genkey' utility provided with Alibaba 2.0 do not provide any security. Such sites are susceptible to having their transactions snooped by a third party, or falsified by man-in-the-middle attacks.

A further interesting discovery is that both Netscape Navigator and Internet Explorer will happily let the user interact with SSL web sites which have an RSA public key exponent of '1' without bringing the user's attention to the fact that such transactions are, in fact, entirely insecure.

Chris Cowley, Grok Developments Ltd http://www.grok.co.uk/

[from RISKS-FORUM Digest 20.41]
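
The check the browsers in the post did not make, as an added example that is not part of the original post and not code from SSLeay or Alibaba: it parses a PKCS#1 RSAPublicKey in DER form and flags a public exponent of 1. The function names are hypothetical, the input format is an assumption, and both sample keys are constructed toy data.

```python
# Added example; both sample keys are constructed toy data (modulus 3233 = 61 * 53).
SAMPLE_WEAK = bytes.fromhex("300702020ca1020101")  # e = 1
SAMPLE_OK = bytes.fromhex("300702020ca1020111")    # e = 17

def _read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        count = length & 0x7F
        if count == 0 or count > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(body, 0)
    tag_e, e_bytes, _ = _read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("expected two INTEGERs")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def audit_exponent(n, e):
    """Return findings for a public exponent; an empty list means no finding."""
    findings = []
    if e == 1:
        findings.append("e == 1: m^1 mod n == m, so encryption is the identity")
    elif e < 3 or e % 2 == 0:
        findings.append("e is even or below 3: not a usable RSA exponent")
    if e >= n:
        findings.append("e >= n: exponent out of range for this modulus")
    return findings

def rsa_encrypt(m, n, e):
    return pow(m, e, n)  # textbook RSA, no padding, only to show the effect of e == 1

if __name__ == "__main__":
    for name, der in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        n, e = parse_rsa_public_key(der)
        print(name, e, audit_exponent(n, e), rsa_encrypt(1234, n, e))
```

Keys taken from a certificate are normally wrapped in a SubjectPublicKeyInfo structure, which has to be unwrapped before the RSAPublicKey inside it can be passed to this parser.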