SonicWALL has deployed protection against the SSL Certificate Null Byte Poisoning vulnerability. The vulnerability allows attackers to perform man-in-the-middle session hijacking against various browser and non-browser based SSL implementations.
In a move to repel security threats, SonicWALL has updated signatures for users of its Unified Threat Management Firewall technology.
The vulnerability was first disclosed during the BlackHat security conference briefings in Las Vegas. Reportedly, Dan Kaminsky and Moxie Marlinspike, while working separately, discovered the same vulnerability, which would affect many SSL implementations.
The company said that multiple browsers are theoretically prone to a security-bypass vulnerability. The problem is due to improper validation of the domain name in a signed Certificate Authority (CA) certificate.
Once an attacker obtains a specially crafted, null-byte-stuffed certificate designed to imitate the origin content server, the privacy of the data can be compromised, since there will be no distinguishable notification to the user that the secure connection has been intercepted by an unknown third party, the company said.
In addition, SSL sessions compromised as a result of the above-mentioned vulnerability can be used to install unwanted trojans and malware on the victim’s computer.
SonicWALL said that, to solve this problem, CAs must stop issuing certificates that contain a null byte. To prevent attacks using existing CA-signed certificates or self-signed certificates, developers of browsers have to fix their SSL implementations so that they continue reading the domain name when a null byte is encountered.
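The validation flaw and its fix can be seen side by side in the following added example, which is not code from SonicWALL or any browser. The `cert_name` type, the function names and the sample names are assumptions constructed for illustration, and rejecting names with an embedded null byte outright is a stricter choice than the article describes.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* A certificate name as stored in the certificate: bytes plus an explicit
   length. Hypothetical type for this example. */
struct cert_name {
    const char *data;
    size_t len;
};

/* Flawed check: treats the name as a C string, so the comparison stops at
   the first null byte and ignores every byte that follows it. */
int name_matches_cstring(const struct cert_name *cn, const char *host)
{
    return strcasecmp(cn->data, host) == 0;
}

/* Corrected check: uses the recorded length, so bytes after a null byte are
   still read; a name containing a null byte is rejected outright. */
int name_matches_full(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                       /* embedded null byte in the name */
    if (cn->len != host_len)
        return 0;                       /* lengths differ, cannot match */
    return strncasecmp(cn->data, host, host_len) == 0;
}

/* Constructed sample names, not taken from any real certificate. */
static const char poisoned_bytes[] = "www.example.com\0.other.test";
static const struct cert_name poisoned = { poisoned_bytes, sizeof(poisoned_bytes) - 1 };
static const struct cert_name clean = { "www.example.com", 15 };

int main(void)
{
    /* The flawed check accepts the poisoned name; the corrected one rejects
       it while still accepting the clean name. */
    int ok = name_matches_cstring(&poisoned, "www.example.com") == 1
          && name_matches_full(&poisoned, "www.example.com") == 0
          && name_matches_full(&clean, "www.example.com") == 1;
    return ok ? 0 : 1;
}
```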
Reportedly, VeriSign claims that no certificates under the VeriSign brand or sub-brands have a domain containing a null character.