Emmanuel Lecharny wrote:
Howard Chu wrote:
Ludovic Poitou wrote:
Howard,
Our security expert at Sun considers that the attack could be applied to LDAP, although it will be more complex to achieve for all the good reasons you've outlined (session-oriented, with explicit authentication attached to a session, and is a record-oriented ASN.1 encoded protocol with precisely defined message structure). The renegotiation in the attack is, as far as I understand, driven by the man in the middle, and so even though OpenLDAP slapd never requests the renegotiation, it is still subject to the attack.
Hi Ludo, thanks for the note. Kurt and I were discussing this offline and he has suggested a possible attack as well. I'm still not convinced of the details but we'll continue to investigate.
Wondering if we (ApacheDS) can be a possible target, assuming that we are Java based. Any idea?
Kurt will be posting a more extensive message on the topic later. I suppose your degree of exposure depends on certain details of your implementation of ldaps:// and/or StartTLS. In the case of OpenLDAP, it is impossible for a MITM to perform a privilege escalation with this attack. There are other things an attacker could do, such as nullifying a particular client request. It amounts to being able to DoS a specific client or a specific user, which is interesting and annoying, but also highly traceable...