Vulnerabilities in STARTTLS implementations

    Date08 Mar 2011
    CategoryCryptography
    2644
    Posted ByAlex
    Vulnerabilities in implementations of the STARTTLS protocol for establishing an encrypted TLS connection could allow commands to be injected into a connection. According to a description by the discoverer of the problem, Postfix developer Wietse Venema, the key point is that commands are injected into the connection before it has been secured/encrypted, but are only executed once the secure connection has been established. Venema illustrates the problem with an example involving securing SMTP with TLS. A client sends "STARTTLS\r\n"; using a man-in-the-middle attack an attacker changes this to "STARTTLS\r\nRSET\r\n". The client and server then establish a TLS connection. The server now regards the injected RSET command that was added during the unprotected phase as if it has been transferred subsequent to the TLS connection being established. The RSET command in this example is relatively innocuous as it is a harmless protocol reset command, but other commands could be injected in a similar fashion.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"7","type":"x","order":"1","pct":87.5,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.