Hi,
I think that I just stumbled onto a possible security vulnerability in
CSecurityTLS. It seems as though CSecurityTLS::processMsg returns true
before the handshake has completed (possibly due to the "if (is.readU8() ==
0)" test on line 174). In the case of secTypes like x509plain, the user is
prompted for a username and password (meaning the client is processing phase
2 of the security stack) before the certificate has been verified. I
noticed this while testing a known bad certificate - presumably this means
that the username & password are sent in the clear since the TLS handshake
never completes.
-brian
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
