
Re: [ldapext] LDAP and the TLS renegotiation vulnerabilities

Kurt Zeilenga wrote:
> Because the LDAP SASL EXTERNAL BIND requests tend to have a predictable
> encoding and the TLS vulnerabilities allow for prefixing arbitrary data,
> it is possible for the attacker to construct an LDAP Simple "anonymous"
> Bind which eclipses the LDAP SASL EXTERNAL BIND and, hence, causes the
> subsequent LDAP requests to be processed "anonymously" instead of as the
> identity associated with the client's certificate.  This could lead to
> the client thinking some resources were absent when they actually
> exist.   There are variants of this scenario but this seems to be the
> most interesting.  Aside from disabling TLS renegotiation in the server,
> this particular attack can be mitigated by the client by initiating and
> completing an LDAP search operation, such as a read of the Root DSE,
> after the TLS handshake but before initiating the LDAP SASL EXTERNAL
> Bind request.

Disclaimer: I'd not claim to fully understand all of it yet.

I don't understand how the search request before the SASL bind request helps.
Could you please elaborate on that?

Wouldn't the use of the LDAP Whoami? Ext. Op. after the SASL bind request also
help? (Assuming that the client knows how the server maps the client cert to
an identity and the client cross-checks it.)

Ciao, Michael.
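The client-side cross-check Michael proposes, as an added example that is not part of the thread: after the SASL EXTERNAL bind, the client sends a Who Am I? extended operation and compares the returned authzId with the identity it expects the server to derive from its certificate. It assumes RFC 4532's response format (an authzId of the form "dn:<DN>" or "u:<userid>", an empty value meaning anonymous) and that the client already knows the expected identity; the function names are this example's own.

```python
"""Verify that an LDAP session really carries the identity the client
expected from its SASL EXTERNAL bind (added example, not from the thread).

A spliced anonymous simple bind leaves the session anonymous, which the
Who Am I? response reports as an empty authzId.
"""
from typing import Optional, Tuple


class BindDowngradeError(Exception):
    """The server's view of the session identity differs from the client's."""


def normalize_dn(dn: str) -> str:
    """Loose DN comparison: strip whitespace around RDNs and fold case.
    Sufficient for a sanity check; not a full RFC 4517 DN matcher."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_authz_id(authz_id: Optional[str]) -> Tuple[str, str]:
    """Split an RFC 4532 authzId into (form, value).
    form is 'anonymous', 'dn' or 'u'; an unknown prefix is an error."""
    if not authz_id:
        return ("anonymous", "")
    if authz_id.startswith("dn:"):
        return ("dn", authz_id[3:])
    if authz_id.startswith("u:"):
        return ("u", authz_id[2:])
    raise ValueError(f"unrecognised authzId {authz_id!r}")


def verify_bound_identity(authz_id: Optional[str], expected_authz_id: str) -> str:
    """Return the verified identity value, or raise BindDowngradeError.

    authz_id: raw value from the Who Am I? response (None or "" == anonymous).
    expected_authz_id: the identity the client expects, in the same
    "dn:"/"u:" notation, derived from its own certificate mapping (assumed known).
    """
    form, actual = parse_authz_id(authz_id)
    exp_form, expected = parse_authz_id(expected_authz_id)
    if form == "anonymous":
        raise BindDowngradeError("session is anonymous; the EXTERNAL bind did not take effect")
    if form != exp_form:
        raise BindDowngradeError(f"server reports {form} form, expected {exp_form} form")
    # DNs get a lenient comparison; userids are compared verbatim.
    key = normalize_dn if form == "dn" else str
    if key(actual) != key(expected):
        raise BindDowngradeError(f"bound as {actual!r}, expected {expected!r}")
    return actual
```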
