[NEWS] Mozilla / Mozilla Firefox Authentication Weakness
From: SecuriTeam (support_at_securiteam.com)
Date: 09/20/05
- Previous message: SecuriTeam: "[UNIX] Two Bugzilla Information Disclosure Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 20 Sep 2005 11:27:24 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Mozilla / Mozilla Firefox Authentication Weakness
------------------------------------------------------------------------
SUMMARY
A security weakness has been discovered in Mozilla's Authentication
process, where instead of using the strongest authentication scheme from a
list of available schemes, Mozilla would prefer the first one listed.
DETAILS
Vulnerable Systems:
* Mozilla 1.7.11 (Windows version tested)
* FireFox 1.0.6 (Windows version tested)
Firefox and Mozilla browser have vulnerability in authentication mechanism
implementation. Potential impact of this vulnerability is weak
authentication protocol (for example cleartext) may be chosen for Web site
authentication instead of stronger one.
From <http://www.faqs.org/rfcs/rfc2617.html> RFC 2617:
The user agent MUST choose to use one of the challenges with the strongest
auth-scheme it understands and request credentials from the user based
upon that challenge.
Instead, Mozilla uses authentication schemes in the order of
WWW-Authenticate headers sent by Web server. It may lead to situation weak
authentication (for example cleartext "Basic" authentication) may be
chosen by Mozilla while both server and Mozilla support stronger
authentication mechanism.
This links demonstrate initial handshake for different authentication
protocols:
<http://www.security.nnov.ru/files/atest/basic.asp>
http://www.security.nnov.ru/files/atest/basic.asp - Basic authentication
<http://www.security.nnov.ru/files/atest/digest.asp>
http://www.security.nnov.ru/files/atest/digest.asp - Digest authentication
<http://www.security.nnov.ru/files/atest/ntlm.asp>
http://www.security.nnov.ru/files/atest/ntlm.asp - NTLM authentication
<http://www.security.nnov.ru/files/atest/negotiate.asp>
http://www.security.nnov.ru/files/atest/negotiate.asp - Negotiate
authentication
With this link you can check which protocol was chosen by browser, if
server support few authentication protocols:
<http://www.security.nnov.ru/files/atest/all.asp>
http://www.security.nnov.ru/files/atest/all.asp
For Mozilla/Firefox "Basic" authentication with cleartext login/password
transmitted over the wire will be chosen by default. By pressing "Cancel"
you can choose different authentication.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2395>
CAN-2005-2395
Bugzilla:
<https://bugzilla.mozilla.org/show_bug.cgi?id=281851>
https://bugzilla.mozilla.org/show_bug.cgi?id=281851
ADDITIONAL INFORMATION
The information has been provided by <mailto:3APA3A@security.nnov.ru>
3APA3A.
The original article can be found at:
<http://www.security.nnov.ru/Jdocument717.html>
http://www.security.nnov.ru/Jdocument717.html
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] Two Bugzilla Information Disclosure Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] Apache mod_auth_pgsql Format String Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Apache mod_auth_pgsql Format
String Vulnerability ... mod_auth_pgsql "allows user authentication (and can log authentication
... The mod_auth_pgsql module for the Apache httpd is a third party ... (Securiteam) - [NT] PGP Authentication and User Managment Bypass
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... PGP Authentication and
User Managment Bypass ... A design flaw allows attackers to bypass authentication with
PGP SDA. ... (Securiteam) - [NEWS] Novell ZENWorks Multiple Remote Overflows
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... This authentication protocol
contains several stack and heap ... overflows that can be triggered by an unauthenticated
remote attacker to ... Exploiting those vulnerabilities may lead to executing ...
(Securiteam) - [UNIX] MySQL Authentication Scheme Bypass
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... By submitting a carefully crafted
authentication packet, ... the user has specified a 'scrambled' string that is as long
... stack-based buffer 'buff' can be overflowed by a long 'scramble' string. ...
(Securiteam) - RE: SBS 2003 Activesync Problem-getting 0x85010004 error on the PD
... Please open IIS manager console, navigate to Web Sites->Default Web Site
... Click Directory Security tap, Under Authentication and access control, ... When
opening a new thread via the web interface, we recommend you check the ... (microsoft.public.windows.server.sbs)
