Dumb mode question
meepbear at hotmail.com
Wed Jul 6 02:31:17 PDT 2005
I was finishing up my server when I started wondering whether the
assoc_handle from 'regular' mode and the one from 'dumb' mode shouldn't be
John writes up some code to associate with an OpenID server and gets a
mac_key and an assoc_handle.
He uses those two to write up an id_res response to a consumer with someone
else's identity (that the OpenID server is qualified to assert). He then
goes to a consumer, figures out what that consumer's valid return_to (see
the other email in this thread) is and creates a valid openid.sig.
He sends the fake "id_res" to the consumer with an invalidate_handle and
uses the assoc_handle he has the mac_key for. The consumer checks return_to,
sees that it's valid and fallbacks to dumb mode and sends the server a
"check_authentication". The server validates the assertion since John knew
the mac_key associated with it and was able to create a valid signature.
The problem is that the server didn't distinguish between 'regular' and
'dumb' mode association handles and allowed one to be used in place of the
Also both the consumer and server should be checking invalidate_handle. If a
consumer receives an invalidate_handle it doesn't know about, it should stop
dead and return an error. If a server receives an invalidate_handle it does
know about then it should be not answer the check_authentication but simply
return an error as well.
The reasoning for the second is that someone could only fool one of the two
at most. If they give a valid "invalid handle" to a consumer it'll contact
the server but then the server won't respond since it knows the handle isn't
invalid so it has to have been fabricated. If they give an invalid "invalid
handle" to a consumer it'll know it's not a handle it was ever issued so it
can only be fabricated as well so it won't even look at the rest of the
Sorry to keep coming up with malicious situations but it's still better that
someone here sees one then when everything is fully written and deployed all
Since the source for most of the consumers and servers will be freely
available, it won't take much for anyone to figure out which combination of
the two is vulnerable to something.
More information about the yadis