Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
... and, furthermore, the server requires that information to be sent in plaintext, and irreversibly updates its assessment of the client capabilities for this connection based on it (see MDEV-31585).
Spinning this off from my comment on CONC-648. (Like CONC-648, this is another TLS-related vulnerability.)
As I showed there, MariaDB clients including Connector/C send a great deal of identifying information about themselves in plaintext in the initial "login request" packet, even when they subsequently switch to TLS, and then resend a login request packet over the TLS channel:
This information includes the client capability bits, the client's MAX_ALLOWED_PACKET size, and the client's charset.
Copying from there:
This makes MariaDB client-server connections an exploitable and target-rich environment for pervasive MITM attackers. A government agency could, for example, fingerprint the plaintext client+server greeting packets to determine the exact versions, pull out the ones that appear to be from interesting parts of the world based on the plaintext preferred client charset, and manipulate them in various ways with MITM and downgrade attacks using this vulnerability, as well as the long-known
MDEV-28634... and all of that without needing to actually do any TLS cracking.For all I know, the NSA or CSIC or GCHQ or יחידה 8200 or the Chinese/Iranian/Indian/Russian/$COUNTRY equivalents have already figured this out themselves, and have been MITM'ing MariaDB connections on the Internet at massive scale for years.
Attachments
Issue Links
- includes
-
CONC-656 TLS-using MariaDB clients tell MITM attackers if they can be undetectably MITM'ed
- Closed
- relates to
-
MDEV-31585 Server improperly requires client capability bits to be sent IN PLAINTEXT prior to TLS handshake
- Open
-
CONC-648 Client improperly accepts error packets prior to TLS handshake
- Closed
- links to
Since a picture is worth 1,000 words.
Unpatched client talking to unpatched server
This is the plaintext client hello packet sent by an unpatched MariaDB client. It contains a great deal of information that can be used to fingerprint the client version, and it identifies the client's preferred character set (Russian, in this case!) which can be used to geographically identify the client. Trivially exploitable by every intelligence agency, ISP, or middlebox.
Client patched for CONC-654 talking to server patched for MDEV-31585
This is the plaintext client hello packet sent by a MariaDB client with my fix for CONC-654, talking to a server with my fix for MDEV-31585. It contains no meaningful information at all, other than a single bit which tells the server to expect a TLS handshake.