On Tue, Feb 03, 2004 at 14:05:25 -0800, Matt Zimmerman wrote:

> > mod_digest for Apache does not properly verify the nonce of a client
> > response by using an AuthNonce secret.
>
> Can anyone explain the true impact of this bug?

I'm not sure, but this is my best guess/interpretation from googling around a bit:

(http://frontier.userland.com/stories/storyReader$2159 - HTTP Authentication Schemes;
RFC 2617 -- HTTP Authentication: Basic and Digest Access Authentication,
http://zvon.org/tmRFC/RFC2617/Output/longContents.html)

Apache supports Digest Authentication, a method of authentication in which the password isn't transmitted in plaintext as it is with Basic access authentication. (Digest Authentication is intended to replace the Basic mechanism. It is not a strong authentication mechanism compared to public key based mechanisms (say Basic authentication over SSL/TLS), but it is considered stronger than e.g. CRAM-MD5.)

Digest authentication in its basic form is vulnerable to replay attacks (RFC, sec. 4.5). It can be protected against replay attacks by employing server-generated "nonce" values.

The issue at hand is that Apache's mod_digest implementation of Digest Authentication implements this protection against replay attacks incorrectly or incompletely. A web server running Apache where mod_digest is used for authentication may thus unexpectedly be vulnerable to replay attacks.

(In an advisory, I'd point to the security considerations in the RFC and strongly recommend the use of SSL/TLS over plain HTTP with Digest Authentication.)

Ray

-- 
Lately, the only thing keeping me from being a serial killer is my distaste for manual labor.
Dilbert in http://www.unitedmedia.com/comics/dilbert/archive/dilbert-20010107.html
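A server-side illustration of the nonce check the thread is about, added here as an example; it is not code from Apache's mod_digest or from the thread. The server mints nonces bound to its own secret and a timestamp, refuses any nonce it did not issue or that has expired, and only then compares the RFC 2617 response. The secret, lifetime and request fields are constructed for the demo.

```python
import base64
import hashlib
import hmac
import time

# Constructed server-side secret standing in for a per-server nonce secret
# (placeholder value for the demo, not Apache's configuration).
SERVER_SECRET = b"constructed-demo-secret"
NONCE_LIFETIME = 300  # seconds a nonce stays acceptable

def make_nonce(secret, now=None):
    """Nonce = base64(timestamp ':' HMAC-SHA256(secret, timestamp)).
    Only a holder of the secret can mint a nonce that later verifies."""
    ts = str(int(time.time() if now is None else now)).encode()
    tag = hmac.new(secret, ts, hashlib.sha256).hexdigest().encode()
    return base64.b64encode(ts + b":" + tag).decode()

def verify_nonce(nonce, secret, now=None):
    """Reject nonces the server did not issue (bad tag) or issued too long ago."""
    try:
        ts, tag = base64.b64decode(nonce, validate=True).split(b":", 1)
        issued = int(ts)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(secret, ts, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False
    current = time.time() if now is None else now
    return 0 <= current - issued <= NONCE_LIFETIME

def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response = H(H(A1) ':' nonce ':' nc ':' cnonce ':' qop ':' H(A2))."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(req, stored_password, secret, now=None):
    """Server-side check: a correct password proof alone is not enough; the nonce
    the client echoes back must be one this server minted and still fresh."""
    if not verify_nonce(req["nonce"], secret, now):
        return False
    expected = digest_response(req["username"], req["realm"], stored_password,
                               req["method"], req["uri"], req["nonce"],
                               req["nc"], req["cnonce"], req["qop"])
    return hmac.compare_digest(expected, req["response"])
```

A real deployment would additionally track the nonce-count (nc) per nonce, as RFC 2617 suggests, so that even a fresh nonce cannot be reused within its lifetime.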