Nytro

TSIG authentication bypass through signature forgery in ISC BIND

Synacktiv experts discovered a flaw within the TSIG protocol implementation in BIND that would allow an attacker knowing a valid key name to bypass the TSIG authentication on zone update, notify and transfer operations.

This issue is due to the fact that when a wrong TSIG digest length is provided (aka the digest doesn’t have a length that matches the hash algorithm used), the server still signs its answer by using the provided digest as a prefix. This allows an attacker to forge the signature of a valid request, hence bypassing the TSIG authentication.

Download: http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf

  • Upvote 2
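A receiver-side check for the condition described in the post above, a TSIG digest whose length does not match the hash algorithm, shown as an added example that is not part of the original post, the Synacktiv advisory or BIND's code. It parses TSIG RDATA (layout from RFC 2845) and applies the MAC length bounds of RFC 4635; the function names and the sample records are constructed for illustration.

```python
import struct

# HMAC output lengths in octets for the TSIG algorithm names (RFC 2845, RFC 4635).
DIGEST_LEN = {
    "hmac-md5.sig-alg.reg.int": 16, "hmac-sha1": 20, "hmac-sha224": 28,
    "hmac-sha256": 32, "hmac-sha384": 48, "hmac-sha512": 64,
}

def read_name(buf, off):
    """Decode an uncompressed wire-format domain name; return (name, next offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels).lower(), off
        if n > 63 or off + n > len(buf):
            raise ValueError("bad label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def check_tsig_rdata(rdata):
    """Classify the MAC length of a TSIG RDATA blob (hypothetical helper)."""
    try:
        alg, off = read_name(rdata, 0)
        # Time Signed (48 bits, split 16+32), Fudge (16 bits), MAC Size (16 bits)
        _hi, _lo, _fudge, mac_size = struct.unpack_from("!HIHH", rdata, off)
        mac = rdata[off + 10:off + 10 + mac_size]
        if len(mac) != mac_size:
            raise ValueError("MAC runs past end of RDATA")
    except (ValueError, struct.error):
        return "FORMERR"
    full = DIGEST_LEN.get(alg)
    if full is None:
        return "unknown-algorithm"
    if mac_size == full:
        return "ok"
    # RFC 4635: a truncated MAC needs at least max(10, half the HMAC output).
    if max(10, full // 2) <= mac_size < full:
        return "truncated-ok"
    return "FORMERR"  # too long or too short: reject before any further TSIG work

def build_rdata(alg, mac):
    """Constructed sample input: TSIG RDATA for the given algorithm and MAC."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in alg.split(".")) + b"\0"
    return (name + struct.pack("!HIHH", 0, 1500000000, 300, len(mac)) + mac
            + struct.pack("!HHH", 0x1234, 0, 0))
```

A record classified as `FORMERR` here should be dropped before its MAC bytes are used for anything else, including signing a reply.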
