oss-sec mailing list archives
Re: STARTTLS vulnerabilities
From: Matthew Wild <mwild1 () gmail com>
Date: Wed, 11 Aug 2021 08:09:57 +0100
On Tue, 10 Aug 2021 at 14:52, Guido Berhoerster < guido+openwall.com () berhoerster name> wrote:
Hi, have you or are you planning to look into XMPP client/server implementations as well? The use of STARTTLS for both c2s and s2s connections is still prevalent both in terms of implementation support and actual practice and could potentially suffer form the same issues (command injection or downgrade attacks).
XMPP has some additional protections against this in its design. It is required, after TLS negotiation, for both parties to discard the pre-TLS XML stream and negotiate a new one after TLS has been established[1]. Combined with TLS being considered mandatory by practically all modern implementations and deployments[2], I'd hope that the attacks described here do not translate well to the XMPP ecosystem. However we all know standards are not always reflective of the real world. We (the XMPP Standards Foundation and community) are always open to researchers interested in this kind of thing, and have collaborated in the past for coordinating disclosure of cross-implementation vulnerabilities. Regards, Matthew [1]: https://xmpp.org/rfcs/rfc6120.html#tls-process-neg-success [2]: https://xmpp.org/2013/11/xmpp-ubiquitous-encryption-a-manifesto/
Current thread:
- STARTTLS vulnerabilities Hanno Böck (Aug 10)
- Re: STARTTLS vulnerabilities Guido Berhoerster (Aug 10)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 10)
- Re: STARTTLS vulnerabilities Eric Blake (Aug 11)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 11)
- Re: STARTTLS vulnerabilities Eric Blake (Aug 16)
- Re: STARTTLS vulnerabilities Eric Blake (Aug 18)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 10)
- Re: STARTTLS vulnerabilities Guido Berhoerster (Aug 10)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 11)
- Re: STARTTLS vulnerabilities Matthew Wild (Aug 11)