Re: TLS renegotiation
Emmanuel Lecharny wrote:
> Howard Chu wrote:
>> Ludovic Poitou wrote:
>>
>>> Howard,
>>>
>>> Our security expert at Sun considers that the attack could be applied to
>>> LDAP, although it will be more complex to achieve for all the good
>>> reasons you've outlined (session-oriented, with explicit authentication
>>> attached to a session, and is a record-oriented ASN.1 encoded protocol
>>> with precisely defined message structure).
>>> The renegotiation in the attack is as far as I understand, driven by the
>>> man in the middle, and so even though OpenLDAP slapd never requests the
>>> renegotiation, it is still subject to the attack.
>> Hi Ludo, thanks for the note. Kurt and I were discussing this offline and he
>> has suggested a possible attack as well. I'm still not convinced of the
>> details but we'll continue to investigate.
> Wondering if we (ApacheDS) can be a possible target, assuming that we
> are Java based. Any idea?
Kurt will be posting a more extensive message on the topic later. I suppose
your degree of exposure depends on certain details of your implementation of
ldaps:// and/or StartTLS. In the case of OpenLDAP, it is impossible for a MITM
to perform a privilege escalation with this attack. There are other things an
attacker could do, such as nullifying a particular client request. It amounts
to being able to DoS a specific client or a specific user, which is
interesting and annoying, but also highly traceable...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
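To make the framing argument in the reply above concrete, here is a toy model of the renegotiation prefix-injection attack applied to an LDAP byte stream. It is an added example, not code from this thread, from OpenLDAP or from ApacheDS: it assumes a minimal BER encoder for a few RFC 4511 message shapes, a server model that accepts any simple bind (credential checking is not the point) and handles each PDU under the association's bind state at the time it arrives, and made-up DNs, a made-up password and a constructed splice in which the MITM's prefix ends with an LDAPMessage header whose declared length covers the client's BindRequest (the LDAP analogue of the trailing `X-Ignore:` header trick used against HTTP).

```python
"""Toy model: TLS renegotiation prefix injection against an LDAP session.

Added example with assumed, simplified encodings; not OpenLDAP or ApacheDS code.
"""

# ---- minimal BER / LDAP encoding (RFC 4511 shapes, simplified) ----

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(n: int) -> bytes:
    nbytes = max(1, (n.bit_length() + 8) // 8)      # leave room for the sign bit
    return ber(0x02, n.to_bytes(nbytes, "big", signed=True))

def ldap_message(msg_id: int, op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return ber(0x30, ber_int(msg_id) + op)

def bind_request(msg_id: int, dn: bytes, password: bytes) -> bytes:
    """BindRequest [APPLICATION 0]: version 3, name, simple [0] password."""
    return ldap_message(msg_id, ber(0x60, ber_int(3) + ber(0x04, dn) + ber(0x80, password)))

def search_request(msg_id: int, base: bytes) -> bytes:
    """SearchRequest [APPLICATION 3]: baseObject scope, filter (objectClass=*), no attrs."""
    body = (ber(0x04, base) + ber(0x0A, b"\x00") + ber(0x0A, b"\x00")
            + ber_int(0) + ber_int(0) + ber(0x01, b"\x00")
            + ber(0x87, b"objectClass") + ber(0x30, b""))
    return ldap_message(msg_id, ber(0x63, body))

# ---- the server side: framing by tag + declared length, then per-PDU handling ----

def read_tlv(buf: bytes, i: int):
    """Return (tag, body, next_index) for the TLV at buf[i:], or None if incomplete."""
    if i + 2 > len(buf):
        return None
    tag, first, j = buf[i], buf[i + 1], i + 2
    if first & 0x80:
        nbytes = first & 0x7F
        if j + nbytes > len(buf):
            return None
        length, j = int.from_bytes(buf[j:j + nbytes], "big"), j + nbytes
    else:
        length = first
    if j + length > len(buf):
        return None
    return tag, buf[j:j + length], j + length

class ToyLdapServer:
    """Each PDU runs under the association's bind state *at that moment*; a later
    BindRequest never re-authenticates PDUs that were already processed."""

    def __init__(self):
        self.bound_as = b"anonymous"
        self.log = []

    def feed(self, stream: bytes):
        i = 0
        while i < len(stream):
            tlv = read_tlv(stream, i)
            if tlv is None:
                self.log.append(("incomplete", len(stream) - i))
                break
            tag, body, i = tlv
            self.handle(tag, body)
            if self.log[-1][0] == "protocolError":
                break        # a real server sends Notice of Disconnection and closes
        return self.log

    def handle(self, tag: int, body: bytes):
        mid = read_tlv(body, 0)
        if tag != 0x30 or mid is None or mid[0] != 0x02:
            self.log.append(("protocolError", "not an LDAPMessage"))
            return
        msg_id = int.from_bytes(mid[1], "big", signed=True)
        op = read_tlv(body, mid[2])
        if op is None:
            self.log.append(("protocolError", "missing protocolOp"))
            return
        optag, opbody, _ = op
        if optag == 0x60:                         # BindRequest: toy accepts any password
            version = read_tlv(opbody, 0)
            name = read_tlv(opbody, version[2]) if version else None
            if name is None:
                self.log.append(("protocolError", "malformed BindRequest"))
                return
            self.bound_as = name[1]
            self.log.append(("bind", msg_id, self.bound_as))
        elif optag == 0x63:                       # SearchRequest, recorded with its identity
            base = read_tlv(opbody, 0)
            self.log.append(("search", msg_id, base[1] if base else b"", self.bound_as))
        else:
            self.log.append(("protocolError", "unexpected op 0x%02x" % optag))

# ---- scenarios (constructed DNs and password) ----

ADMIN = b"cn=admin,dc=example,dc=com"
BASE = b"dc=example,dc=com"
PASSWORD = b"hunter2"

def client_stream() -> bytes:
    """What the victim client sends after the renegotiated handshake: bind, then search."""
    return bind_request(1, ADMIN, PASSWORD) + search_request(2, BASE)

def honest_session():
    return ToyLdapServer().feed(client_stream())

def spliced_session():
    """MITM prefix (sent before renegotiation) followed by the client's own bytes.
    The prefix's last item is a bare LDAPMessage header whose declared length
    swallows the client's BindRequest, so the server never sees that bind."""
    bind = bind_request(1, ADMIN, PASSWORD)
    prefix = search_request(1, BASE) + bytes([0x30]) + ber_len(len(bind))
    return ToyLdapServer().feed(prefix + client_stream())
```

Running `spliced_session()` shows the two properties the reply relies on: the attacker's own search is executed under the anonymous association (no privilege was borrowed), and the only thing the prefix can do with the client's bytes is consume them, which in this model yields a protocol error and ends the session before the client's bind and search are ever processed. That is the "nullify a particular client request" outcome: a targeted denial of service on one client, not an escalation, and one that leaves an obvious trace in the server's error handling.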