#596 Dialback key generation in 0.9 allows servers to impersonate to suffices

Reporter Thijs Alkemade
Owner MattJ
Stars ★ (1)
  • Type-Defect
  • Status-Fixed
  • Priority-High
  • Security
  1. Thijs Alkemade on

    1. example.lit connects to foo.example.lit claiming to be prosody.lit on the initial stream header 2. foo.example.lit offers dialback and stream ID "abc" 3. example.lit triggers a connection from prosody.lit to example.lit 4. example.lit offers dialback and stream ID "abcfoo." 5. prosody.lit generates SHA256("abcfoo.example.litprosody.litb97b59cd-f9f8-4d5e-b43f-96107303c30e") as dialback key: https://hg.prosody.im/0.9/file/0386ccf20ac7/plugins/mod_dialback.lua#l22 6. example.lit forwards this dialback key to foo.example.lit 7. foo.example.lit connects back to prosody.lit 8. prosody.lit says the key is valid 9. example.lit is now authorized to send messages to foo.example.lit pretending to be from prosody.lit The target domain doesn't strictly need to subdomain, just a suffix: alice.example.lit could be impersonated by lice.example.lit. This is pretty common for things like no-ip.org. The problem is the lack of separation of the different fields in generate_dialback(). XEP-0185 fixes this by requiring spaces between the different parts. https://hg.prosody.im/0.10/rev/dd8265ca9327 implemented that, but only for 0.10+.

  2. MattJ on

    • owner MattJ
    • tags Status-Fixed
  3. MattJ on

    Fixed in 5c6e78dc1864.

  4. MattJ on

    • tags Hidden

New comment

Not published. Used for spam prevention and optional update notifications.