[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Requesting a CVE id for =?iso-8859-1?Q?Trojit=E1,_an_e-mail_client:_SSL_stripping?=
From: Jan_Kundrát <jkt () flaska ! net>
Date: 2014-03-19 18:52:04
Message-ID: 8f661e38-7221-4b6a-839f-e94e2a093b4d () flaska ! net
[Download RAW message or body]
Hi folks, I would appreciate a Cc on responses as I'm not subscribed to
this list. I would like to request a CVE for the following vulnerability:
Summary
-------
An SSL stripping vulnerability was discovered in Trojitá [1], a fast Qt
IMAP e-mail client. *User's credentials are never leaked*, but if a user
tries to send an e-mail, the automatic saving into the "sent" or "draft"
folders could happen over a plaintext connection even if the user's
preferences specify STARTTLS as a requirement.
Background
----------
The IMAP protocol defines the STARTTLS command which is used to
transparently upgrade a plaintext connection to an encrypted one using
SSL/TLS. The STARTTLS command can only be issued in an unauthenticated
state as per the IMAP's state machine.
RFC 3501 also allows for a possibility of the connection jumping
immediately into an authenticated state via the PREAUTH initial response.
However, as the STARTTLS command cannot be issued once in the authenticated
state, an attacker able to intercept and modify the network communication
might trick the client into a state where the connection cannot be
encrypted anymore.
Affected versions
-----------------
All versions of Trojitá up to 0.4 are vulnerable.
The fix will be included in version 0.4.1 (to be released after the CVE
gets assigned).
Remedies
--------
Configurations which use the SSL/TLS form the very beginning (e.g. the
connections using port 993) are secure and not vulnerable.
Possible impact
---------------
The user's credentials will *never* be transmitted over a plaintext
connection even in presence of this attack.
Because Trojitá proceeded to use the connection without STARTTLS in face of
PREAUTH, certain data might be leaked to the attacker. The only example
which we were able to identify is the full content of a message which the
user attempts to save to their "Sent" folder while trying to send a mail.
We don't believe that any other data could be leaked. Again, user's
credentials will *not* be leaked as they are never transmitted under this
scenario.
Acknowledgement
---------------
Thanks to Arnt Gulbrandsen on the imap-protocol ML for asking what happens
when we're configured to request STARTTLS and a PREAUTH is received, and to
Michael M Slusarz for starting that discussion.
[1] http://trojita.flaska.net/
With kind regards,
Jan
--
Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic