54 lines
1.8 KiB
Diff
54 lines
1.8 KiB
Diff
From 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 Mon Sep 17 00:00:00 2001
|
|
From: Kevin McCarthy <kevin@8t8.us>
|
|
Date: Sun, 14 Jun 2020 11:30:00 -0700
|
|
Subject: [PATCH] Prevent possible IMAP MITM via PREAUTH response.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
This is similar to CVE-2014-2567 and CVE-2020-12398. STARTTLS is not
|
|
allowed in the Authenticated state, so previously Mutt would
|
|
implicitly mark the connection as authenticated and skip any
|
|
encryption checking/enabling.
|
|
|
|
No credentials are exposed, but it does allow messages to be sent to
|
|
an attacker, via postpone or fcc'ing for instance.
|
|
|
|
Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the
|
|
connection if it is unencrypted.
|
|
|
|
Thanks very much to Damian Poddebniak and Fabian Ising from the
|
|
Münster University of Applied Sciences for reporting this issue, and
|
|
their help in testing the fix.
|
|
---
|
|
imap/imap.c | 16 ++++++++++++++++
|
|
1 file changed, 16 insertions(+)
|
|
|
|
diff --git a/imap/imap.c b/imap/imap.c
|
|
index 63362176..3ca10df4 100644
|
|
--- a/imap/imap.c
|
|
+++ b/imap/imap.c
|
|
@@ -493,6 +493,22 @@ int imap_open_connection (IMAP_DATA* idata)
|
|
}
|
|
else if (ascii_strncasecmp ("* PREAUTH", idata->buf, 9) == 0)
|
|
{
|
|
+#if defined(USE_SSL)
|
|
+ /* An unencrypted PREAUTH response is most likely a MITM attack.
|
|
+ * Require a confirmation. */
|
|
+ if (!idata->conn->ssf)
|
|
+ {
|
|
+ if (option(OPTSSLFORCETLS) ||
|
|
+ (query_quadoption (OPT_SSLSTARTTLS,
|
|
+ _("Abort unencrypted PREAUTH connection?")) != MUTT_NO))
|
|
+ {
|
|
+ mutt_error _("Encrypted connection unavailable");
|
|
+ mutt_sleep (1);
|
|
+ goto err_close_conn;
|
|
+ }
|
|
+ }
|
|
+#endif
|
|
+
|
|
idata->state = IMAP_AUTHENTICATED;
|
|
if (imap_check_capabilities (idata) != 0)
|
|
goto bail;
|