- From: David Harrison <harrisod@cs.rpi.edu>
- Date: Wed, 1 Mar 1995 17:17:03 -0500
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, eric@spyglass.com
I skimmed the Internet draft for an MD5 simple access authentication mechanism
at:
http://www.spyglass.com/techreport/simple_aa.txt
I have read about SHTTP and HTTP, and see both using nonces for the
authentication step in access control (although SHTTP has some other
mechanisms as well). Not meaning to be presumptuous, but
shouldn't the MD5 response field be "<nonce> <password> <resource requested>"
as oppossed to "<nonce> <password>."
It seems to me that the "<nonce> <password>" is vulnerable to a man in the
middle attack. Here's my reasoning:
1. Alice requests resource R1.
Mallet simultaneously requests R2 which Alice has access to.
2. Since these are two separate transactions, the server (or possibly separate
servers) returns two nonce values N1 and N2 for R1 and R2 respectively.
3. Provided that the same password protects both resources, Mallet
can swap N2 for N1.
4. Mallet intercepts Alice's authorization and swaps response field into
the authorization for resource R2.
5. The server returns R2 instead of R1 which is not encrypted
(since no encryption mechanism has been employed in HTTP), therefore
Mallet picks up R2 as it goes by on the network.
In this manner, Mallet can gain access to any resource available to Alice so
long as the resources are accessed using the same password.
Perhaps this is a petty problem, but it would be so easy to fix.
David Harrison
Computer Science Dept.
Rensselaer Polytechnic Institute
Received on Wednesday, 1 March 1995 14:21:08 UTC