Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTP AUTH BASIC monowall.

From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 15 Mar 2006 13:22:45 -0500
Simon Smith wrote:


Ok,
   As suspected... so I am correct; and it is a security threat. I can
compromise a network, arp poison it, MiTM, access the firewall,
distributed metastasis, presto... owned...
Yes and no... as others have pointed out, you already have much larger problems at that point, such as the fact that your network has been totally and completely compromised from the inside in order to do the MitM in the first place... I can see some reasons why one would want to do that, but really, if you can execute a good MitM attack, there really isn't anything you can't do... once you've broken the encryption you can intercept all kinds of auth traffic and replay it. OK - at that point, maybe you can tunnel under the SSL using another form of encryption as a wrapper for the authentication infrastructure... aside from that, there really isn't much to do... certs, shared keys, etc... these can all be grabbed from the air if the SSL traffic is MitM'ed. Essentially, we're talking very significant owning of a network in order to simply get the firewall password. At that point, I'd think there'd be even worse things that can be done. 

         -bkfsec



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: