Opera SSL Security Feature Design Error Vulnerability
BID:13176
Info
Opera SSL Security Feature Design Error Vulnerability
| Bugtraq ID: | 13176 |
| Class: | Design Error |
| CVE: |
CVE-2005-1139 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2005 12:00AM |
| Updated: | Mar 02 2007 08:55PM |
| Credit: | Discovery of this vulnerability is credited to GeoTrust. |
| Vulnerable: |
S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Opera Software Opera Web Browser 8 Beta 3 |
| Not Vulnerable: | |
Discussion
Opera SSL Security Feature Design Error Vulnerability
Opera is prone to a design error that can result in a false sense of security. The issue resides in a security feature that is available in Opera version 8 Beta 3. The new security feature displays the Organization Name derived from an SSL certificate in the address bar field for an SSL-secured site.
The Organization info is based on the legal name under which an organization is registered. Any company may apply for and obtain an SSL certificate that contains Organization info that matches or is similar to other target company names.
The problem arises because the Organization Name of an SSL certificate is not intended to be unique. Since this field is not unique, it can't serve as the sole means for the user to trust the authenticity of a site. Therefore, this security feature may be abused and may yield a false sense of security for users because they may fail to manually inspect certificate properties. In situations where an attacker has successfully obtained a certificate from a Certificate Authority (CA) that has a misleading or spoofed Organization Name, this may lend authenticity to a malicious site maintained by the attacker.
Opera is prone to a design error that can result in a false sense of security. The issue resides in a security feature that is available in Opera version 8 Beta 3. The new security feature displays the Organization Name derived from an SSL certificate in the address bar field for an SSL-secured site.
The Organization info is based on the legal name under which an organization is registered. Any company may apply for and obtain an SSL certificate that contains Organization info that matches or is similar to other target company names.
The problem arises because the Organization Name of an SSL certificate is not intended to be unique. Since this field is not unique, it can't serve as the sole means for the user to trust the authenticity of a site. Therefore, this security feature may be abused and may yield a false sense of security for users because they may fail to manually inspect certificate properties. In situations where an attacker has successfully obtained a certificate from a Certificate Authority (CA) that has a misleading or spoofed Organization Name, this may lend authenticity to a malicious site maintained by the attacker.
Exploit / POC
Opera SSL Security Feature Design Error Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Opera SSL Security Feature Design Error Vulnerability
Solution:
SuSE has released advisory SUSE-SA:2005:031 along with fixes to address this issue. Please see the referenced advisory for more information.
Solution:
SuSE has released advisory SUSE-SA:2005:031 along with fixes to address this issue. Please see the referenced advisory for more information.
References
Opera SSL Security Feature Design Error Vulnerability
References:
References: