Hello!
I found an exploit of this auth method.
Sorry for my English. Here I will try to describe how a hacker can feign a real host. It's easy...
For example: Host A is the real site, which knows a password. Host B is the user. Host C is a faked host. User B connects to host C, thinking that he is connecting to host A. What does host C do? It gets an encrypted phrase from host B and forwards it to host A as client B. Host A gets the phrase and thinks that the phrase came from B. It can decrypt it, and it sends the decrypted phrase to the user (faked host C). Host C gets the decrypted phrase and forwards it to host B. Host B gets the decrypted phrase and thinks that host C is the real authorized host A (a bank, for example).
The END. The faked session between host B (user) and host C (hacker site) is opened.
If I don't understand the idea of the authors, please correct me. But I think that this will work.
Best regards, Alexey Zvyagin aka Perlover
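
The exchange described in the post above, as an added in-memory model that is not part of the original post and not the scheme's own code. The cipher (XOR with a SHA-256 keystream), the nonce, and the names HostA, HostC, user_b_accepts and relay_outcomes are assumptions made for illustration; the post does not specify them.

```python
import hashlib
import hmac
import secrets

def keystream_xor(password: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR data with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = password + nonce + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class HostA:
    """Real site: knows the password and decrypts whatever phrase it is sent."""
    def __init__(self, password: bytes):
        self.password = password

    def answer(self, nonce: bytes, ciphertext: bytes) -> bytes:
        return keystream_xor(self.password, nonce, ciphertext)

class HostC:
    """Faked host: holds no password, only forwards both directions unchanged."""
    def __init__(self, upstream: HostA):
        self.upstream = upstream

    def answer(self, nonce: bytes, ciphertext: bytes) -> bytes:
        return self.upstream.answer(nonce, ciphertext)

def user_b_accepts(password: bytes, host) -> bool:
    """User B: encrypt a fresh random phrase, accept if it comes back decrypted."""
    phrase = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    reply = host.answer(nonce, keystream_xor(password, nonce, phrase))
    return hmac.compare_digest(reply, phrase)

def relay_outcomes() -> dict:
    """Run B's check against the real host, the relay, and a wrong-password host."""
    password = b"constructed-sample-password"   # constructed sample value
    real = HostA(password)
    return {
        "direct_to_A": user_b_accepts(password, real),
        "via_relay_C": user_b_accepts(password, HostC(real)),
        "wrong_password_host": user_b_accepts(password, HostA(b"not-the-password")),
    }

if __name__ == "__main__":
    print(relay_outcomes())
```

B's check passes for the relay exactly as it does for the real host, because nothing in the phrase or the reply identifies which endpoint B is actually talking to; only a host with no path to the password fails.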