[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Google using Expired Cert and SSLv2

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Google using Expired Cert and SSLv2
From: Ivaylo Kostadinov <ivaylo.kostadinov@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 01 Apr 2004 10:42:50 +0100

It seems you caught them just before they updated it.

Now it is v3 and valid from yesterday:

--- Certificate: Data: Version: 3 (0x2) Serial Number: 4063034 (0x3dff3a) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@xxxxxxxxxx Validity Not Before: Mar 31 20:09:01 2004 GMT Not After : Mar 31 18:52:39 2005 GMT Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ce:88:dc:7e:9a:fa:8b:5d:24:7d:f1:4a:ea:fb: a8:4a:33:9d:9c:ef:22:c9:4d:2f:ac:a0:d3:86:05: 4f:d1:bb:cb:26:a6:f4:93:b4:43:aa:a9:28:b7:71: cf:a4:47:f1:c3:20:41:2d:d4:8a:1c:20:bd:6f:8a: f0:9d:a4:ea:70:65:5d:10:e3:ea:7d:d2:b9:87:f4: 1e:71:60:23:75:60:49:0d:4c:c0:0e:d9:91:d2:3f: 49:74:3f:6c:bf:a1:56:46:1f:99:e6:16:33:02:4e: 06:b6:54:81:58:de:7e:2e:69:1b:f4:76:85:40:46: b3:fe:19:33:26:8c:fb:89:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto X509v3 CRL Distribution Points: URI:http://crl.thawte.com/ThawteServerCA.crl

            Authority Information Access:
                OCSP - URI:http://ocsp.thawte.com

            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: md5WithRSAEncryption
        34:eb:5f:20:b9:ec:d0:4f:8c:61:b8:37:9b:cc:3f:f4:6a:e8:
        39:c9:f9:43:22:13:63:91:6e:ab:52:21:2c:8a:26:33:a3:bc:
        02:dc:c3:85:21:04:8d:61:1f:f3:0e:13:cc:f4:92:a5:fa:cc:
        37:53:e5:a2:41:88:f1:40:ea:92:0d:3e:21:63:16:6d:a6:5a:
        bc:c2:db:4c:69:ad:c2:a6:6a:26:00:04:9d:5b:9a:12:6f:51:
        b0:b7:df:e6:5e:32:0b:bc:bb:26:02:b8:e9:85:d5:e6:f9:be:
        7c:5a:88:4e:2e:ff:a2:7d:7c:1f:c1:f8:c8:92:d4:34:21:2c:
        71:05
-----BEGIN CERTIFICATE-----
MIIDUDCCArmgAwIBAgIDPf86MA0GCSqGSIb3DQEBBAUAMIHEMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wNDAz
MzEyMDA5MDFaFw0wNTAzMzExODUyMzlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
EwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpH
b29nbGUgSW5jMRcwFQYDVQQDEw53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAzojcfpr6i10kffFK6vuoSjOdnO8iyU0vrKDThgVP0bvL
Jqb0k7RDqqkot3HPpEfxwyBBLdSKHCC9b4rwnaTqcGVdEOPqfdK5h/QecWAjdWBJ
DUzADtmR0j9JdD9sv6FWRh+Z5hYzAk4GtlSBWN5+Lmkb9HaFQEaz/hkzJoz7ia0C
AwEAAaOBqjCBpzAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG
+EIEATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhh
d3RlU2VydmVyQ0EuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0
cDovL29jc3AudGhhd3RlLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUA
A4GBADTrXyC57NBPjGG4N5vMP/Rq6DnJ+UMiE2ORbqtSISyKJjOjvALcw4UhBI1h
H/MOE8z0kqX6zDdT5aJBiPFA6pINPiFjFm2mWrzC20xprcKmaiYABJ1bmhJvUbC3
3+ZeMgu8uyYCuOmF1eb5vnxaiE4u/6J9fB/B+MiS1DQhLHEF
-----END CERTIFICATE-----

---

ivaylo

Matthew S. Hamrick wrote:

http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=729

Don't know how apropos it is to bugtraq, but I suppose it's relevant to the web
application security community. It's fairly well known amongst people who use
SSL to secure portions of their web application that SSL version 2 is "bad."
It's so bad that a bunch of really smart people went out and created SSL version
3. So I was pretty surprised today when I noticed that https://www.google.com/
is using an expired certificate and SSLv2.

Guess the moral of the story is: "even the big guys can get it wrong."

/etc
Matt H.

--


=============================
Ivaylo Kostadinov
GRID Systems Manager
Oxford e-Science Centre
Oxford University
13 Banbury Road
Oxford OX2 6NN

Phone:  +44 1865 273289
Fax:    +44 1865 273275
=============================

References:
- Google using Expired Cert and SSLv2
  - From: Matthew S. Hamrick

Prev by Date: Re: IPv4 fragmentation --> The Rose Attack
Next by Date: Re: IPv4 fragmentation --> The Rose Attack
Previous by thread: Google using Expired Cert and SSLv2
Next by thread: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment
Index(es):
- Date
- Thread