Vigil@nce: Psi IM, certificate spoofing via QLabel
October 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use an X.509 certificate with a malicious Common
Name, in order to deceive the victim who uses Psi.
– Severity: 1/4
– Creation date: 10/10/2011
IMPACTED PRODUCTS
– Psi
DESCRIPTION OF THE VULNERABILITY
The Qt graphics library provides QLabel objects to display a
text area.
The text format is defined in the enum Qt::TextFormat:
– Qt::PlainText : raw text
– Qt::RichText : complex text (table, frame, list, etc.)
– Qt::AutoText : autodetection of PlainText or RichText
By default, QLabel uses the Qt::AutoText format, so it analyzes
the content to detect how to display it.
The Psi software uses a QLabel to display the Common Name of an
X.509 certificate. However, the label keeps the default AutoText
format (instead of PlainText). If the Common Name contains a
RichText table, its second line is then displayed above the field.
An attacker can therefore use an X.509 certificate with a
malicious Common Name, in order to deceive the victim who uses Psi.
This vulnerability has the same origin as VIGILANCE-VUL-11028
(https://vigilance.fr/tree/1/11028).
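
An audit check for the pattern described above, added here as an example (it is not part of the bulletin and not Psi's code): a heuristic scan of C++ source for QLabel objects that receive non-literal text without ever being switched to Qt::PlainText. The sample source and the `cert.commonName()` accessor are constructed for illustration, and the regexes are a simplification that only follows labels declared and used by name in the same file.

```python
import re

# Constructed sample source (not Psi's code): labels fed certificate fields.
SAMPLE_CPP = '''
QLabel *cnLabel = new QLabel(this);
cnLabel->setText(cert.commonName());

QLabel *issuerLabel = new QLabel(this);
issuerLabel->setTextFormat(Qt::PlainText);
issuerLabel->setText(cert.issuerCommonName());

QLabel *title = new QLabel(this);
title->setText("Certificate details");
'''

# "QLabel *name =", "QLabel name;" or "QLabel name(" declarations.
DECL = re.compile(r'\bQLabel\s*\*?\s*(\w+)\s*[=;(]')
# name->setText(arg); or name.setText(arg);
SET_TEXT = re.compile(r'\b(\w+)\s*(?:->|\.)\s*setText\s*\(\s*([^;]*?)\s*\)\s*;')
# name->setTextFormat(Qt::PlainText)
PLAIN = re.compile(r'\b(\w+)\s*(?:->|\.)\s*setTextFormat\s*\(\s*Qt::PlainText\s*\)')

def find_autotext_labels(source):
    """Return (line_no, label, argument) for each QLabel::setText call that
    passes a non-literal value to a label never switched to Qt::PlainText."""
    labels = set(DECL.findall(source))
    plain = set(PLAIN.findall(source))
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, arg in SET_TEXT.findall(line):
            # A string literal is developer-controlled, so it is not reported.
            is_literal = arg.startswith('"') and arg.endswith('"')
            if name in labels and name not in plain and not is_literal:
                findings.append((line_no, name, arg))
    return findings

if __name__ == "__main__":
    for line_no, name, arg in find_autotext_labels(SAMPLE_CPP):
        print(f"line {line_no}: {name}->setText({arg}) renders as Qt::AutoText")
```

Each finding is a label whose content Qt will autodetect; calling setTextFormat(Qt::PlainText) on that label before the text is set clears it.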
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Psi-IM-certificate-spoofing-via-QLabel-11046