257,165 views
15 votes
15 votes
Suppose Alice downloads a buggy browser that implements TLS incorrectly. The TLS specification says that, during the handshake, the browser should send a random 256-bit number RB. Instead of picking RB randomly the browser always sends all zeros. Describe an attack that is possible against this buggy browser and how to update the browser so that this attack is no longer feasible.

User Kowshik
by
2.4k points

1 Answer

16 votes
16 votes

Solution :

It is given that Alice downloads the buggy browser which implements a TLS incorrectly. The specification of a TLS states that during a handshake, the browser sends a 256 bit number of RB randomly.

So in this case, a man-n-the-middle attack is possible. It can compromise the confidentiality of Alice. Updating the browser by visiting the website and checking its latest version of the browser or installing some other browser which has a more trust in the market for its security features.

User All Blond
by
3.2k points