You are here

T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks

September 28, 2011 - 8:30am

Addthis

 PROBLEM: 

Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks.

 PLATFORM: 

Tomcat 7.0.0 to 7.0.11
Tomcat 6.0.0 to 6.0.32
Tomcat 5.5.0 to 5.5.33
Earlier, unsupported versions may also be affected

 ABSTRACT: 

A remote user can conduct authentication bypass attacks.

 reference  LINKS: 

Apache Tomcat Security Advisory
SecurityTracker Alert ID: 1026095
CVE-2011-1184

 IMPACT ASSESSMENT: 

Medium 

Di scussion: 

The implementation of HTTP DIGEST authentication was discovered to have several weaknesses: replay attacks were permitted server nonces were not checked client nonce counts were not checked qop values were not checked realm values were not checked the server secret was hard-coded to a known string The result of these weaknesses is that DIGEST authentication was only as secure as BASIC authentication.

Impact:

A remote user can conduct authentication bypass attacks.

Solution:

The vendor has issued a fix.
Apache Tomcat Revision 1158180

Addthis