Vigil@nce - OpenBSD: accepting another certificate via ftp
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can setup a malicious server, with a certificate valid
for another server, which is accepted by the ftp client of
OpenBSD, in order to invite the victim to connect to a server
setup as a Man-in-the-Middle.
Impacted products: OpenBSD
Severity: 2/4
Creation date: 10/04/2014
DESCRIPTION OF THE VULNERABILITY
The ftp client of OpenBSD can be used to download files hosted on
web sites with SSL/TLS (HTTPS).
However, this ftp client does not check if the server name is the
same as the name indicated in its X.509 certificate.
An attacker can therefore setup a malicious server, with a
certificate valid for another server, which is accepted by the ftp
client of OpenBSD, in order to invite the victim to connect to a
server setup as a Man-in-the-Middle.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenBSD-accepting-another-certificate-via-ftp-14574