Man-in-the-Middle (MITM) Attack

2021-04-0100:29:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

72.2%

JSON

curl:buster is vulnerable to man-in-the-middle attack. It allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly “short-cut” the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

CPENameOperatorVersion
curl:bustereq7.64.0-4+deb10u1
curl:focaleq7.68.0-1ubuntu2.2
curl:focaleq7.68.0-1ubuntu2
curl:groovyeq7.68.0-1ubuntu4
curl:sideq7.72.0-1
curl:bullseyeeq7.72.0-1
curl:3.12eq7.69.1-r0
curl:3.12eq7.69.1-r3
curl:3.13eq7.74.0-r1
curl:edgeeq7.69.0-r0

Name	Operator	Version
curl:buster	eq	7.64.0-4+deb10u1
curl:focal	eq	7.68.0-1ubuntu2.2
curl:focal	eq	7.68.0-1ubuntu2
curl:groovy	eq	7.68.0-1ubuntu4
curl:sid	eq	7.72.0-1
curl:bullseye	eq	7.72.0-1
curl:3.12	eq	7.69.1-r0
curl:3.12	eq	7.69.1-r3
curl:3.13	eq	7.74.0-r1
curl:edge	eq	7.69.0-r0