Date: Sun, 25 Aug 1996 14:21:47 -0700 (PDT)
From: Alexei Kosut
To: Apache Mailing List
Subject: Re: Security hole in mod_digest.c?
In-Reply-To: <9608251629.aa18661@gonzo.ben.algroup.co.uk>
Sender: owner-new-httpd@apache.org
Reply-To: new-httpd@hyperreal.com

On Sun, 25 Aug 1996, Ben Laurie wrote:

> mod_digest seems to use the nonce returned by the client without checking that
> it is the one it sent in the first place. This surely defeats the whole object
> of digest auth? Or did I miss something?

Just some of the purpose. There are many purposes to digest auth. One of them is simply to avoid sending the actual password over the wire. mod_digest does that nicely. Another is to prevent password spoofing. mod_digest doesn't do so well in that arena.

I thought about rewriting it a couple weeks ago, then realized there aren't enough digest auth-supporting browsers out there to warrant it. Spyglass Mosaic and some versions of Internet Explorer for the Mac. That's about it. Besides, you get much greater security just by using basic auth with SSL. For both the password and the whole document.

Actually, I'm not sure you could make the nonce secure anyhow. The recommended procedure in the draft is something like the client's IP address, and time of the request, and a "secret" part the server computes. However, given that Apache gives its source code away freely, I couldn't think of a way to do that, short of using random numbers. Unfortunately, you would then have to store them somewhere, along with all the other information, so you could check when the client came back. This seemed not worth the effort.

--
Alexei Kosut
The Apache HTTP Server
http://www.nueva.pvt.k12.ca.us/~akosut/
http://www.apache.org/
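The nonce construction the draft recommends (client address, request time, and a server-side secret), written out as a stateless mint-and-verify pair so the server can recognise its own nonces without storing them. This is an added illustration, not code from mod_digest or from the message above; the secret is a constructed per-process value that never leaves the server, and the lifetime window is an assumed figure.

```python
import hashlib
import hmac
import os
import time

# Constructed example: a per-process secret held only in server memory.
# Because the secret is generated at runtime, publishing the source code
# does not let anyone else compute valid tags.
SERVER_SECRET = os.urandom(32)
NONCE_LIFETIME = 300  # assumed: seconds a nonce stays acceptable


def make_nonce(client_ip, now=None, secret=SERVER_SECRET):
    """Return 'timestamp:tag' where tag = HMAC(secret, ip:timestamp).

    No per-client record is kept: the tag alone lets the server later
    confirm that it issued this nonce, to this client, at this time.
    """
    ts = int(now if now is not None else time.time())
    tag = hmac.new(secret, f"{client_ip}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{tag}"


def check_nonce(nonce, client_ip, now=None, secret=SERVER_SECRET, lifetime=NONCE_LIFETIME):
    """Accept only a nonce this server minted for this client that is not stale.

    This is the check the message says mod_digest skips: a nonce the client
    chose itself (or one minted for a different address) fails here.
    """
    try:
        ts_str, tag = nonce.split(":", 1)
        ts = int(ts_str)
    except ValueError:
        return False  # malformed nonce
    expected = hmac.new(secret, f"{client_ip}:{ts}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # not minted by this server for this client
    current = int(now if now is not None else time.time())
    return 0 <= current - ts <= lifetime  # reject stale or future-dated nonces
```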