- From: David Harrison <harrisod@cs.rpi.edu>
- Date: Wed, 1 Mar 1995 17:17:03 -0500
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, eric@spyglass.com
I skimmed the Internet draft for an MD5 simple access authentication mechanism at: http://www.spyglass.com/techreport/simple_aa.txt I have read about SHTTP and HTTP, and see both using nonces for the authentication step in access control (although SHTTP has some other mechanisms as well). Not meaning to be presumptuous, but shouldn't the MD5 response field be "<nonce> <password> <resource requested>" as oppossed to "<nonce> <password>." It seems to me that the "<nonce> <password>" is vulnerable to a man in the middle attack. Here's my reasoning: 1. Alice requests resource R1. Mallet simultaneously requests R2 which Alice has access to. 2. Since these are two separate transactions, the server (or possibly separate servers) returns two nonce values N1 and N2 for R1 and R2 respectively. 3. Provided that the same password protects both resources, Mallet can swap N2 for N1. 4. Mallet intercepts Alice's authorization and swaps response field into the authorization for resource R2. 5. The server returns R2 instead of R1 which is not encrypted (since no encryption mechanism has been employed in HTTP), therefore Mallet picks up R2 as it goes by on the network. In this manner, Mallet can gain access to any resource available to Alice so long as the resources are accessed using the same password. Perhaps this is a petty problem, but it would be so easy to fix. David Harrison Computer Science Dept. Rensselaer Polytechnic Institute
Received on Wednesday, 1 March 1995 14:21:08 UTC