[PATCH] Fix SPNEGO interoperability with servers implementing RFC2478

David Woodhouse dwmw2 at infradead.org
Fri Jul 25 19:26:54 EDT 2014

On Fri, 2014-07-25 at 18:57 -0400, Greg Hudson wrote:
> > A server compliant with RFC4178 will not only send request-mic, but it
> > will also expect us to actually *send* a MIC. If a hypothetical attacker
> > downgrades 'request-mic' in the reply to 'accept-incomplete', the server
> > isn't actually going to accept our authentication, surely?
> I think the server will wind up returning accept-incomplete because it
> hasn't yet received a mic from the client.  But the client won't
> necessarily see that; the attacker could alter the final message from
> the server to have accept-complete state.

Looking at handle_mic(), I think our implementation will return
GSS_S_DEFECTIVE_TOKEN if it sees a final mechanism token without the MIC
attached. It doesn't return GSS_S_CONTINUE_NEEDED and hope for the MIC
to come in later on its own. I don't think that's even possible.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20140726/75bcf9f5/attachment.bin

More information about the krbdev mailing list