Re: [exim] some OpenSSL topics

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [exim] some OpenSSL topics
On 2013-10-16 at 04:05 +0000, Viktor Dukhovni wrote:
>     - SMTP is not prone to HTTP's cross-site and chosen plaintext attacks,
>       no Javascript in pages served by HTTP servers directing clients to
>       other SMTP servers...  BEAST, CRIME, ... are HTTPS attacks not generic
>       TLS attacks.


Not true.

Given a client system A which is configured to send email through a
server B with SMTP AUTH, the BEAST/CRIME/... attacks can be used in a
message-body to discern the content of the SMTP AUTH. So, *if* SASL
PLAIN is being used, and the client system A can send emails under an
attacker's control (eg, automated monitoring system emails logging
attack events), and the attacker can see the encrypted traffic, then the
authentication credentials can be recovered.

-Phil