Movatterモバイル変換

[0]ホーム
URL:

Docs Overview
Project
Bug BountyBug ReportCode of conductDependenciesDonateFAQFeaturesGovernanceHistoryInstallKnown BugsLogoTODOwebsite Info
Protocols
CA ExtractHTTP cookiesHTTP/3MQTTSSL certsSSL libs comparedURL syntaxWebSocket
Releases
Changelogcurl CVEsRelease TableVersion NumberingVulnerabilities
Tool
Comparison Tablecurl man pageHTTP Scriptingmk-ca-bundleTutorialWhen options were added
Who and Why
CompaniesCopyrightSponsorsThanksThe name
curl /Docs /curl CVEs /TLS 1.3 session ticket proxy host mix-up
Related:
Audits
Bug Bounty
Changelog
curl CVEs
JSON metadata
Original report
Vulnerability Disclosure
Vulnerabilities Table

CVE-2021-22890

TLS 1.3 session ticketproxy host mix-up

Project curl Security Advisory, March 31st 2021 -Permalink

VULNERABILITY

Enabled by default, libcurl supports the use of TLS 1.3 sessiontickets to resume previous TLS sessions to speed up subsequent TLShandshakes.

When using an HTTPS proxy and TLS 1.3, libcurl can confuse sessiontickets arriving from the HTTPS proxy but work as if they arrived fromthe remote server and then wrongly "short-cut" the host handshake. Thereason for this confusion is the modified sequence from TLS 1.2 when thesession ids would provided only during the TLS handshake, while in TLS1.3 it happens post hand-shake and the code was not updated to take thatchanged behavior into account.

When confusing the tickets, an HTTPS proxy can trick libcurl to usethe wrong session ticket resume for the host and thereby circumvent theserver TLS certificate check and make a MITM attack to be possible toperform unnoticed.

This flaw can allow a malicious HTTPS proxy to MITM the traffic. Sucha malicious HTTPS proxy needs to provide a certificate that curl acceptsfor the MITMed server for an attack to work - unless curl has been toldto ignore the server certificate check.

INFO

It can only trigger when TLS 1.3 is used with the HTTPS proxy and notwith earlier TLS versions. Itcannot trigger with TLS 1.2 orearlier versions.

It might be worth highlighting that an HTTPS proxy is a proxy whichlibcurl communicates with over TLS specifically, and then speaks HTTPSthrough, making it two layers of TLS. It is different than the morecommon HTTP proxy setup, where libcurl just does normal TCP with theproxy.

The Common Vulnerabilities and Exposures (CVE) project has assignedthe name CVE-2021-22890 to this issue.

CWE-290: Authentication Bypass by Spoofing

Severity: Low

AFFECTED VERSIONS

This issue only exists when libcurl is built to use OpenSSL or one ofits forks.

Also note that libcurl is used by many applications, and not alwaysadvertised as such.

SOLUTION

Make sure the proxy/host distinction is done correctly.

RECOMMENDATIONS

We suggest you take one of the following actions immediately, inorder of preference:

A - Upgrade libcurl to version7.76.0

B - Apply the patch to your local version

C - Use another TLS backend

D - Avoid TLS 1.3 with HTTPS proxies

TIMELINE

This issue was reported to the curl project on March 17, 2021.

This advisory was posted on March 31st 2021.

CREDITS

Thanks a lot!

[8]ページ先頭
©2009-2025 Movatter.jp