View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002999 | Kali Linux | [All Projects] Kali Package Bug | public | 2016-01-18 17:03 | 2020-12-01 10:48 |
Reporter | ElColmo | Assigned To | rhertzog | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 2.0 | ||||
Target Version | Fixed in Version | 2016.1 | |||
Summary | 0002999: Kali 2.0 uses a version of libnss3 that is prone to using weaker/older SSL certificates in certain circumstances | ||||
Description | Kali 2.0 uses a version of libnss3 that is prone to using weaker/older certs, when navigating up the CA chain. One fairly obvious impact is that Google Chromium incorrectly displays the HTTPS symbol in red, rather than in green, since it uses the less secure SHA-1 based path, rather than the more secure SHA-2 based path, where multiple paths exist. This appears to be an issue where "cross-signed" roots are used, for instance. See https://sslmate.com/blog/post/chrome_cached_sha1_chains for more details. The bug in question is present in nss_3.17.2-1.1+deb8u1, but is resolved in nss_3.17.2-1.1+deb8u2. Please see: http://metadata.ftp-master.debian.org/changelogs/main/n/nss/nss_3.17.2-1.1+deb8u2_changelog https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1423031 | ||||
Steps To Reproduce | #0: Verify "nss_3.17.2-1.1+deb8u1" is installed #1: Install "chromium" package (I'm using "47.0.2526.80-1~deb8u1") #2: Run Chromium #3: Browse to a website which used a SHA-1 certificate in the CA chain, but which now uses a SHA-2 right up the chain (but where the original public key was re-signed with SHA-2, or where "cross-signing" is used). #4: Note if the "HTTPS" logo appears in red. #5: Using the same version of Chromium on Windows 7, note that the "HTTPS" logo appears in green, and there is no indication of SHA-1 in use. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2016-01-18 17:03 | ElColmo | New Issue | |
2016-01-22 08:09 | rhertzog | Note Added: 0004534 | |
2016-01-22 08:09 | rhertzog | Status | new => resolved |
2016-01-22 08:09 | rhertzog | Fixed in Version | => 2016.1 |
2016-01-22 08:09 | rhertzog | Resolution | open => fixed |
2016-01-22 08:09 | rhertzog | Assigned To | => rhertzog |
2020-12-01 10:48 | g0tmi1k | Priority | high => normal |