AFS and tokenforwarding

Tom Holroyd tomh at po.crl.go.jp
Fri Oct 5 11:24:04 EST 2001


On Thu, 4 Oct 2001, Markus Friedl wrote:

> > A masquerading server can always
> > forward the authentication information to the real server and use that
> > response as a legitimate reply. Thus you may still be passing
> > credentials down to an impostor. Either way you do it, you can always
> > be fooled. A similar problem exists with the common "pass passwords in
> > the clear" methods used by ssh. Hopefully this is fixed in v2 but I
> > never really bothered to check.
>
> same thing can happen in ssh v2 unless you use pubkey authentication.
> successful pubkey authentication is only possible if there is no MITM.

Oh, also with SRP, a MITM can forward the auth session but he gains
nothing by it; SRP doesn't leak information (not even password length).
(Well, if he does a MITM attack against the initial DH he can get your
username...)
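
Added illustration, not part of the original message: a toy SRP-6a-style exchange in Python in which a relay forwards a login, the server accepts it, and the relay ends up with neither the session key nor a proof it can reuse later. The group (a 127-bit prime), the hash-to-integer helper `H`, and the names `Server`, `Relay`, `client_login` and `demo` are assumptions made for this sketch; it is not wire-compatible with any real SRP implementation.

```python
import hashlib, secrets
N, g = 2**127 - 1, 3  # toy group constructed for this example: far too small for real use

def H(*parts):
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big")
k = H(N, g)

class Server:  # stores only the salt and the verifier v, never the password
    def __init__(self, user, password):
        self.salt = secrets.randbits(64)
        self.v = pow(g, H(self.salt, user, password), N)
    def challenge(self, A):
        if A % N == 0: raise ValueError("illegal A")
        self.A, self.b = A, secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.salt, self.B
    def verify(self, M1):
        u = H(self.A, self.B)
        self.K = H(pow(self.A * pow(self.v, u, N) % N, self.b, N))
        return M1 == H(self.A, self.B, self.K)

class Relay:  # the forwarding party: passes every message on and records it
    def __init__(self, server):
        self.server, self.seen = server, []
    def challenge(self, A):
        salt, B = self.server.challenge(A)
        self.seen += [A, salt, B]
        return salt, B
    def verify(self, M1):
        self.seen.append(M1)
        return self.server.verify(M1)

def client_login(user, password, challenge):
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    salt, B = challenge(A)
    if B % N == 0: raise ValueError("illegal B")
    u, x = H(A, B), H(salt, user, password)
    K = H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))
    return A, H(A, B, K), K  # A and the proof M1 go on the wire; K never does

def demo(password="constructed-password"):
    server = Server("alice", password)
    relay = Relay(server)
    A, M1, K = client_login("alice", password, relay.challenge)
    accepted = relay.verify(M1)
    keys_match, key_on_wire = K == server.K, K in relay.seen
    server.challenge(A)  # a later session picks a fresh b, hence a new B
    replayed = server.verify(M1)  # the captured proof no longer fits
    return accepted, keys_match, key_on_wire, replayed, relay.seen
```

The recorded values are a salt, two group elements and one hash output, so their sizes are the same whatever the password length.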




More information about the openssh-unix-dev mailing list