Information Assurance

YOUR NAME GOES HERE


front | classes | research | personal | contact

Information Assurance

Bugtraq Analysis

APOP Vulnerability

Topic source (PDF)

MD5 collisions applied to APOP (PDF)

back to bugtraq analyses page

Problem:
There is a security vulnerability in the APOP protocol related to collision attacks against MD5. Using the “man in the middle” attack, a hacker can gain the first few characters of a password while sniffing a connection with only a few hundred authentications from the client. APOP is a protocol used by email clients, such as thunderbird, to encrypt your password as it travels over the network. A man in the middle attack is when a hacker is sniffing a network connection unbeknownst to either side of a connection. The hacker can read insert and modify messages going back and forth between the client and the server.

How to do it:
• First the attacker poses as a POP server
• Then he generates two message ID’s that will collide in the APOP hash if the password begins in a specified way
• The client will then return the hash, and from this the attacker can learn some of the password characters
- the attacker can gain characters one by one using this method.
- The attacker can only obtain three of the characters due to the way MD5 collisions are computed
- however, knowing 3 of the 8 characters allows the attacker to perform a brute force attack on the remaining 5 characters, which
only takes a few hours.

Technical:
"The msg-ids will be generated from a MD5 collision: if you have two colliding messages for MD5 "x" and "<¿¿¿¿@¿¿¿¿>x", and the message are of length two blocks, then you will use "" and "<¿¿¿¿@¿¿¿¿>" as msg-ids. When the client computes MD5(msg-id||passwd) with these two, it will collide if the first password character if 'x', no matter what is next (since we are at a block boundary, and the end of the password will be the same in the two hashs). Therefore you can learn the password characters one by one (actually you can only recover three of them, due to the way MD5 collisions are computed).”

Prevention:
-Authenticate your connection to a server by using TSL or SSL to prevent eavesdropping, tampering or message forgery.

Work Around:
-Don’t use a mail client that supports APOP, such as outlook or apple mail.
Future prevention:
-mail clients should carefully check the RFC-compliance of the message-id
-this isn’t guaranteed to work for long though.
RFC = ‘request for comments’ -RFCs define Internet standards