mellium/xmpp
9
10
Fork 6
Code Issues 54 Pull requests 6 Releases 12 Activity

websocket: default TLS config verifies wrong TLS certificate #259

New issue
Closed
opened 2022-02-11 16:44:48 +00:00 by SamWhited · 0 comments
SamWhited commented 2022-02-11 16:44:48 +00:00
Owner
Copy link

A report has been filed about a potential security issue in the websocket package. The default TLS configuration that is constructed if no user TLS config is provided verifies the domain of the websocket connection endpoint discovered via DNS TXT lookups instead of the domain on the original JID, meaning that any attacker that can spoof DNS can point the TXT record at their own domain and it will validate successfully.

A report has been filed about a potential security issue in the `websocket` package. The default TLS configuration that is constructed if no user TLS config is provided verifies the domain of the websocket connection endpoint discovered via DNS TXT lookups instead of the domain on the original JID, meaning that any attacker that can spoof DNS can point the TXT record at their own domain and it will validate successfully. - **CVE ID:** [CVE-2022-24968](https://nvd.nist.gov/vuln/detail/CVE-2022-24968) - **Affected versions:** v0.18.0, v0.19.0, v0.20.0, v0.21.0 - **Patch:** #260 - **Fixed in:** v0.21.1 - **Report:** https://mellium.im/cve/cve-2022-24968/
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
387_xml_stream_handling
xep-0420
openfire_tests
dial_testing
bump_deps
137_bob
cb_tls13
styling_dedup
ci_mcabber
fix_mcabber
goupdate
genxml
forward_unwrap_tests
fields
fixed
xtime_ejabberd_integration
stream_config
moved2
118_default_serve
126_verify_valid_tokens
integration_test_fixes
s2s_package
profanity_integration_tests
fix_state_mutex_race
context_deadline
sasl_test_package
integration_design
marshal_tokenreader
session_decoder
namespace_fixes
stanza_mux
textutil
codec
experiment_allocs
xep0004_data_forms
xep0199_ping
v0.21.4
v0.21.3
v0.21.2
v0.21.1
v0.21.0
v0.20.0
v0.19.0
v0.18.0
v0.17.1
v0.17.0
v0.16.0
v0.15.0
v0.14.0
v0.13.0
v0.12.0
v0.11.1
v0.11.0
v0.10.0
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
v0.0.1
Labels
Clear labels   
bug

Something isn't working

  
CI

Changes relating to builds and CI

  
documentation

Requires non-code documentation changes

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
i18n

Internationalization concerns

  
invalid

This doesn't seem right

  
needs-investigation

This issue needs to be investigated before being further classified or rejected.

  
ops

Issue related to operations (but not operational security)

  
proposal

A proposal for a new feature or large change

  
proposal-accepted

Status for proposals that will be implemented.

  
proposal-declined

Status of proposals that will not be implemented.

  
question

Further information is requested

  
refactor

Any issue meant to track a refactor of code

  
security

Any issue with an impact on security including vulnerabilities

  
testing

Changes related to testing such as new tests or harnesses

  
upstream

A tracking issue for a problem with an upstream project

  
wontfix

This will not be worked on

  
Kind: Breaking

   
Kind: Bug

   
Kind: Documentation

   
Kind: Enhancement

   
Kind: Feature

   
Kind: Maintenance

   
Kind: Question

   
Kind: Security

   
Kind: Testing

   
Priority: Critical

The priority is critical

  
Priority: High

The priority is high

  
Priority: Low

The priority is low

  
Priority: Medium

The priority is medium

  
Reviewed: Confirmed

Something has been confirmed

  
Reviewed: Duplicate

Something exists already

  
Reviewed: Invalid

Something was marked as invalid

  
Status: Blocked

   
Status: Completed

Work is complete

  
Status: Help wanted

   
Status: In progress

Work is in progress

  
Status: Needs feedback

Feedback is needed

  
Status: Stale
No labels
bug
CI
documentation
duplicate
enhancement
good first issue
help wanted
i18n
invalid
needs-investigation
ops
proposal
proposal-accepted
proposal-declined
question
refactor
security
testing
upstream
wontfix
Kind: Breaking
Kind: Bug
Kind: Documentation
Kind: Enhancement
Kind: Feature
Kind: Maintenance
Kind: Question
Kind: Security
Kind: Testing
Priority: Critical
Priority: High
Priority: Low
Priority: Medium
Reviewed: Confirmed
Reviewed: Duplicate
Reviewed: Invalid
Status: Blocked
Status: Completed
Status: Help wanted
Status: In progress
Status: Needs feedback
Status: Stale
Milestone
Clear milestone
No items
No milestone
v0.21.1
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: mellium/xmpp#259
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?