Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.io/users/wolf480pl/statuses/111291469300346065">Wolf480pl (wolf480pl@mstdn.io)'s status on Wednesday, 25-Oct-2023 04:02:16 JST</a><a href="https://mstdn.io/@wolf480pl" title="wolf480pl@mstdn.io"><img src="https://gnusocial.jp/avatar/6007-48-20250211223719.webp" width="48" height="48" alt="Wolf480pl" style="position: absolute; left: 0; top: 0;">Wolf480pl</a><div><a href="https://social.anoxinon.de/@jabberati/111291447971883315" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/150078" title="jabberati@social.anoxinon.de">jabberati</a></li></ul></div></section><article><p><a href="https://social.anoxinon.de/@jabberati">@jabberati</a> <a href="https://bikeshed.party/users/feld">@feld</a> <br>they attacker could try send valid XMPP stanzas unencrypted, together with the starttls and a buggy server may interpret them as part of the encrypted and authenticated connection after starttls.</p><p>If a server has a bug like that, an attacker in a MITM position can inject stanzas into client's session without actually MITMing the TLS.</p><p>this blog has an example for SMTP:</p><p><a href="https://blog.apnic.net/2021/11/18/vulnerabilities-show-why-starttls-should-be-avoided-if-possible/" rel="nofollow noreferrer">https://blog.apnic.net/2021/11/18/vulnerabilities-show-why-starttls-should-be-avoided-if-possible/</a><br>(haven't read the whole blog post, only the example SMTP exchange)</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2228216#notice-4386008">In conversation</a><time datetime="2023-10-25T04:02:16+09:00" title="Wednesday, 25-Oct-2023 04:02:16 JST">Wednesday, 25-Oct-2023 04:02:16 JST</time> <span>from <span><a href="https://mstdn.io/@wolf480pl/111291469300346065" rel="external" title="Sent from mstdn.io via ActivityPub">mstdn.io</a></span></span><a href="https://mstdn.io/@wolf480pl/111291469300346065">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Wednesday, 25-Oct-2023 04:02:16 JSTWolf480pl
in reply to
- feld
- jabberati
@jabberati @feld
they attacker could try send valid XMPP stanzas unencrypted, together with the starttls and a buggy server may interpret them as part of the encrypted and authenticated connection after starttls.
If a server has a bug like that, an attacker in a MITM position can inject stanzas into client's session without actually MITMing the TLS.
this blog has an example for SMTP:
https://blog.apnic.net/2021/11/18/vulnerabilities-show-why-starttls-should-be-avoided-if-possible/
(haven't read the whole blog post, only the example SMTP exchange)
In conversationWednesday, 25-Oct-2023 04:02:16 JST from mstdn.iopermalink

Public

Embed Notice

HTML Code

Corresponding Notice