<<< Date Index >>>     <<< Thread Index >>>

Re: Security vulnerability in APOP authentication



Hi,

* Gaëtan LEURENT [07-03-14 15:53:36 +0100] wrote:

This attack is really a practical one: it needs about an hour of
computation and a few hundred authentications from the client, and can
recover three password characters.  I tested it against mutt, and
it does work.

Well, this is a difficult issue. First, using hash algorithms always leaves us with the risk of collisions if it's only a theoretical one.

Second, you have the same problem if someone can construct a collision with fully RfC-compliant message-ids.

Third, you have many other problems once someone owns your pop server. :)

However, using the current techniques available to attack MD5, the
msg-ids sent by the server can easily be distinguished from genuine ones
as they will not respect the RFC specification.  In particular, they
will contain non-ASCII characters.  Therefore, as a security
countermeasure, I think mutt should reject msg-ids that does not conform
to the RFC.

APOP IMHO should never be considered a secure way of authentication, it's just more secure than sending plain passwords over the wire. But yes, since the RfC says the "timestamp" must be syntacially valid message-id and mutt doesn't check it, there's some room of improvement.

On the other hand, it may not be very nice to abort authentication in case the server config is so broken that it generates invalid message-ids...

  bye, Rocco
--
:wq!