GNOME Bugzilla – Bug 424373
[PATCH] APOP Authentication Vulnerability
Last modified: 2007-05-03 10:01:36 UTC
gaetan.leurent ens.fr wrote: > I found a security vulnerability in the APOP authentication. It is > related to recent collision attacks by Wang and al. against MD5. The > basic idea is to craft a pair of message-ids that will collide in the > APOP hash if the password begins in a specified way. So the attacker > would impersonate a POP server, and send these msg-id; the client will > return the hash, and the attacker can learn some password characters. > > The msg-ids will be generated from a MD5 collision: if you have two > colliding messages for MD5 "<????@????>x" and "<¿¿¿¿@¿¿¿¿>x", and the > message are of length two blocks, then you will use "<????@????>" and > "<¿¿¿¿@¿¿¿¿>" as msg-ids. When the client computes MD5(msg-id||passwd) > with these two, it will collide if the first password character if 'x', > no matter what is next (since we are at a block boundary, and the end of > the password will be the same in the two hashs). Therefore you can > learn the password characters one by one (actually you can only recover > three of them, due to the way MD5 collisions are computed). > > This attack is really a practical one: it needs about an hour of > computation and a few hundred authentications from the client, and can > recover three password characters. I tested it against Evolution, and > it does work. > > However, using the current techniques available to attack MD5, the > msg-ids sent by the server can easily be distinguished from genuine ones > as they will not respect the RFC specification. In particular, they > will contain non-ASCII characters. Therefore, as a security > countermeasure, I think Evolution should reject msg-ids that does not > conform to the RFC.
Created attachment 85552 [details] [review] Fix
Sankar: that entire string is weird to me, the second part is not even a whole sentence, and if i would be a user, i would just be left concerned without knowing what's going on here. can one rephrase this? and what is a MITM attack? please either write "Man in the middle" or just add a translator comment. translators are not computer security specialists, but just normal people that do not have to know the term "MITM"... http://developer.gnome.org/doc/tutorials/gnome-i18n/developer.html#use-comments
Agreed. Will change the string to something like : "Cannot connect to the server: %s. Invalid APOP id received. Impersonation attack suspected. Please contact your admin." Here APOP shouldn't be translated. I can add a README before the string.
s/id/ID, otherwise this sounds better. thanks :-)
ping ping ping ping ping ;-)
Was a final revision of this patch ever committed?
Nope. Still needs review :(
(In reply to comment #7) > Nope. > > Still needs review :( > Thought an update with the new string is coming along. ;-) Anyway, patch looks good except that string part.
Patch committed. String changed in trunk and no string added in stable branch.
Hi, You added a string in stable branch: "Unable to connect to POP server %s: " http://svn.gnome.org/viewcvs/evolution-data-server/branches/gnome-2-18/camel/providers/pop3/camel-pop3-store.c?r1=7656&r2=7723 The nearer string seems to be: #: ../camel/providers/pop3/camel-pop3-store.c:361 #, c-format msgid "Could not connect to POP server %s" What do you suggest?
I reused an old string. Just look at camel-pop3-store.c:557
If a new string has appeared in the .pot file, it means that you DID use a new string: http://l10n.gnome.org/module/evolution-data-server#gnome-2-18 The string you mention is : "Unable to connect to POP server %s.\n" "Error sending password: %s" The beginning of this string is the same as the new string, but for gettext, it's two different string.
Committed with the "Could not connect to POP server %s" string. Thanks for pointing it out. http://svn.gnome.org/viewcvs/evolution-data-server?view=revision&revision=7725