SCRAM: Client does not check low iteration counter #811 #815

Merged (1 commit) on Oct 23, 2023


GuidoKiener

Using mechanism SCRAM, a client does not abort authentication when the given iteration counter is lower than 4096.

A hostile server can send a small iteration counter (e.g. 1) and force the client to send a ClientProof that is calculated with the lowest computation time. Thus the hostile server can recover the client's password faster with an offline dictionary or brute-force attack.

This fix compares the iteration counter with the recommended minimum of 4096 and aborts the authentication if the server violates the recommended minimum.

Signed-off-by: Guido Kiener <[email protected]>
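
The client-side check described in this pull request, sketched as an added example; it is not the code merged into cyrus-sasl. The function name `scram_check_iterations`, the constant name and the sample messages in the test are assumptions made for illustration. It reads the `i=` attribute of a SCRAM server-first-message and refuses to continue when the count is missing, malformed or below 4096.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Minimum iteration count named in the PR description. */
#define SCRAM_MIN_ITERATIONS 4096UL

/* Hypothetical helper (not a cyrus-sasl API): find and validate the "i="
 * attribute of a server-first-message of the form
 *   r=<nonce>,s=<salt>,i=<count>[,extensions]
 * Returns 0 and stores the count on success. Returns -1 when the client
 * must abort: count missing, malformed, out of range, or below the minimum. */
int scram_check_iterations(const char *server_first, unsigned long *count_out)
{
    const char *p = server_first;

    while (p && *p) {
        /* Only look at the start of an attribute, so "i=" inside a
         * nonce or salt value is never mistaken for the counter. */
        if (p[0] == 'i' && p[1] == '=') {
            const char *digits = p + 2;
            char *end;
            unsigned long n;

            /* strtoul() accepts "-1", "+5" and leading spaces; reject them. */
            if (*digits < '0' || *digits > '9')
                return -1;
            errno = 0;
            n = strtoul(digits, &end, 10);
            if (errno == ERANGE || (*end != ',' && *end != '\0'))
                return -1;
            if (n < SCRAM_MIN_ITERATIONS)
                return -1;   /* abort before any ClientProof is computed */
            *count_out = n;
            return 0;
        }
        p = strchr(p, ',');  /* attribute values never contain ',' */
        if (p)
            p++;
    }
    return -1;               /* no iteration count in the message */
}
```

The check has to run before the salted password and ClientProof are derived, so a rejected message never causes a proof computed at the weak cost to leave the client.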

@mistotebe mistotebe left a comment


LGTM

@quanah quanah merged commit 813cece into cyrusimap:master Oct 23, 2023
@quanah quanah added this to the 2.2.0 milestone Oct 23, 2023
@Neustradamus

@GuidoKiener: Thanks :)

Maybe you can look for -PLUS variants?

There is a recent history with jabber.ru MITM and SCRAM-SHA-*-PLUS is the security solution!

Some sources about jabber.ru:

@mistotebe

mistotebe commented Nov 17, 2023

> Maybe you can look for -PLUS variants?
>
> There is a recent history with jabber.ru MITM and SCRAM-SHA-*-PLUS is the security solution!

@Neustradamus: You realise your comment looks irrelevant, since cyrus-sasl has supported SCRAM-*-PLUS for a while now? It can be used so long as the caller provides the relevant channel binding.

@Neustradamus

@mistotebe: It is not clear, sorry.
"RFC 9266: Channel Bindings for TLS 1.3" is not supported and it is for SCRAM-SHA-*-PLUS variants.

@mistotebe

I am not sure why you keep spamming existing tickets/PRs of an open source project with the same message, you have made your point already and more isn't helping. If you really want it resolved, please participate in development one way or the other.

@GuidoKiener

> @mistotebe: It is not clear, sorry. "RFC 9266: Channel Bindings for TLS 1.3" is not supported and it is for SCRAM-SHA-*-PLUS variants.

I will have a look at it next weekend. I guess the channel binding issue can be solved with imapd but not with httpd.

@GuidoKiener GuidoKiener deleted the gk/811master branch November 20, 2023 15:50
@Neustradamus

Neustradamus commented Nov 20, 2023

@GuidoKiener: Thanks in advance :)

Can you look at "tls-server-end-point" too?

It is in:

cc: @aamelnikov.
