Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using an AuthNonce secret.

2004-02-04 Thread Matt Zimmerman
On Tue, Feb 03, 2004 at 10:37:33PM +0100, J.H.M. Dassen (Ray) wrote:

 Package: apache
 Version: 1.3.29.0.1-5
 Severity: grave
 Tags: security patch
 
 Candidate: CAN-2003-0987
 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
 Phase: Assigned (20031216)
 Category: SF
 Reference:
 CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
 Reference:
 CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
 
 mod_digest for Apache does not properly verify the nonce of a client
 response by using an AuthNonce secret.
 
 
 Current Votes:
 None (candidate not yet proposed)

Can anyone explain the true impact of this bug?  The fix looks rather
intrusive.

-- 
 - mdz

Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using an AuthNonce secret.

2004-02-04 Thread J.H.M. Dassen (Ray)
On Tue, Feb 03, 2004 at 14:05:25 -0800, Matt Zimmerman wrote:
  mod_digest for Apache does not properly verify the nonce of a client
  response by using an AuthNonce secret.

 Can anyone explain the true impact of this bug?

I'm not sure, but this is my best guess/interpretation from googling around
a bit (sources: http://frontier.userland.com/stories/storyReader$2159 - HTTP
Authentication Schemes; RFC 2617 -- HTTP Authentication: Basic and Digest
Access Authentication, http://zvon.org/tmRFC/RFC2617/Output/longContents.html):

Apache supports Digest Authentication, a method of authentication in which
the password isn't transmitted in plaintext as it is with Basic access
authentication.

(Digest Authentication is intended to replace the Basic mechanism. It is not
a strong authentication mechanism compared to public key based mechanisms
(say Basic authentication over SSL/TLS), but it is considered stronger than
e.g. CRAM-MD5.)

Digest authentication in its basic form is vulnerable to replay attacks
(RFC, sec. 4.5). It can be protected against replay attacks by employing
server-generated nonce values.

The issue at hand is that Apache's mod_digest implementation of Digest
Authentication implements this protection against replay attacks incorrectly
or incompletely. A web server running Apache where mod_digest is used for
authentication may thus unexpectedly be vulnerable to replay attacks.

(In an advisory, I'd point to the security considerations in the RFC and
strongly recommend the use of SSL/TLS over plain HTTP with Digest
Authentication)

Ray
-- 
Lately, the only thing keeping me from being a serial killer is my distaste
for manual labor.
Dilbert in
http://www.unitedmedia.com/comics/dilbert/archive/dilbert-20010107.html
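To make the replay-protection point in Ray's explanation concrete, here is an added example (not Apache's mod_digest code) of how a Digest server can bind its nonces to a server-side secret in the role that AuthNonce plays: the nonce carries a timestamp and an HMAC under the secret, so the server accepts only nonces it minted itself and only inside a bounded lifetime. The secret, realm, user database and clock values are constructed for the example; the clock is passed in explicitly so the checks are deterministic.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the server-side secret that an AuthNonce directive
# would supply; a real server keeps it per realm and never sends it out.
NONCE_SECRET = os.urandom(32)
NONCE_LIFETIME = 300  # seconds a nonce stays valid; this bounds the replay window


def make_nonce(realm, secret=NONCE_SECRET, now=None):
    """Issue a nonce as "<timestamp>:<mac>"; only a holder of the secret can mint one."""
    now = int(time.time()) if now is None else now
    tag = hmac.new(secret, f"{now}:{realm}".encode(), hashlib.sha256).hexdigest()
    return f"{now}:{tag}"


def verify_nonce(nonce, realm, secret=NONCE_SECRET, now=None):
    """Accept a nonce only if its MAC is valid for this realm and it has not expired."""
    now = int(time.time()) if now is None else now
    try:
        ts_str, tag = nonce.split(":", 1)
        ts = int(ts_str)
    except ValueError:
        return False  # malformed: this server never issued it
    expected = hmac.new(secret, f"{ts}:{realm}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # not minted with our secret: client-chosen or from another server
    return 0 <= now - ts <= NONCE_LIFETIME


def digest_response(username, password, realm, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1 ":" nonce ":" HA2)."""
    ha1 = hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()


def check_request(creds, password_db, realm, method, secret=NONCE_SECRET, now=None):
    """Server side: reject unknown or stale nonces before comparing the digest."""
    if not verify_nonce(creds["nonce"], realm, secret, now):
        return False
    password = password_db.get(creds["username"])
    if password is None:
        return False
    expected = digest_response(creds["username"], password, realm, method,
                               creds["uri"], creds["nonce"])
    return hmac.compare_digest(creds["response"], expected)
```

A captured Authorization header therefore stops working once NONCE_LIFETIME has passed, and a nonce the server did not mint is refused before the password digest is even compared.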