oss-sec mailing list archives
Re: Re: Possible CVE request: subversion MD5 collision authentication leak
From: Ben Reser <ben () reser org>
Date: Mon, 04 Aug 2014 23:56:40 -0700
On 8/4/14 6:38 PM, Michael Samuel wrote:
Just to clarify - does the attacker have control of both $REALM parameters?
Only their own server. If they had access to the server they were attacking they would presumably have access to the repository directly and could do anything they wanted already.
A chosen prefix collision still requires the attacker provide both inputs (or at-least the suffix to both inputs).
I stand corrected. Re-read the documentation at the link I shared earlier and you're right you need to be able to modify the suffix on both sides of the collision. Which means that yes this is theoretical. Thanks for setting me right.
Current thread:
- Possible CVE request: subversion MD5 collision authentication leak Marcus Meissner (Aug 01)
- Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 01)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Michael Samuel (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger (Aug 04)
- Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 01)
- <Possible follow-ups>
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 05)