CRIME and SMTP

Question asked by Roland Wagner on Oct 23, 2014
Latest reply on Oct 23, 2014 by Ivan Ristić

Found no discussion with my search here about CRIME and SMTP, so am I the first one who got a CRIME vulnerability on SMTP?

During a scan I got a "SSL/TLS Compression Algorithm Information Leakage Vulnerability" (QID: 38599).

As far as I have learned, it's a vulnerability about SSL communication between a client (browser) and a webserver (over HTTPS).

But I got this vulnerability on a mailserver (SMTP over SSL on port 465/tcp).

The documentation about this vulnerability says

"... the attacker needs to have ability to submit any plain text to compression and encryption process and observe the output to be able to exploit this vulnerability... "

All explanations about this vulnerability say to use cookies for exploitation.

Could there be a similar technology to inject plain data to a (SSL-secured) SMTP server and get the compressed and encrypted output?

So does anybody know a way to exploit this vulnerability on a secure (SSL) connection to an SMTP server?

I found some discussions on the internet and they all said "... smtp-server are not vulnerable to CRIME..."

So it seems to be a false positive from my scanner (Qualys)?!

 

bye

     Roland