Back to bug 1975623
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Doran Moppert | 2021-06-24 06:10:22 UTC | CC | dmoppert | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:12:05 UTC | Summary | ALPACA: Application Layer Protocol Confusion -Analyzing and Mitigating Cracks in TLS Authentication | CVE-2021-3618 ALPACA: Application Layer Protocol Confusion -Analyzing and Mitigating Cracks in TLS Authentication |
| | | Alias | CVE-2021-3618 | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:16:30 UTC | Doc Text | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:28:42 UTC | CC | cmeyers, gblomqui, hhorak, jorton, mabashia, mhlavink, notting, rpetrell, smcdonal | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:31:14 UTC | CC | aegorenk | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:32:30 UTC | Alias | ALPACA | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:39:24 UTC | Doc Text | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:55:01 UTC | CC | jskarvad | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:56:52 UTC | CC | anon.amish, bennie.joubert, felix, janfrode, jaskalnik, jeremy, jkaluza, msehnout, mturk, nagy.martin, ollie.yeoh, olysonek-foss, pahan, pavel.lisy, peter.borsa, redhat-bugzilla, wtogami | |
| Huzaifa S. Sidhpurwala | 2021-06-24 06:57:45 UTC | Depends On | 1975646, 1975648, 1975647 | |
| Huzaifa S. Sidhpurwala | 2021-06-24 07:05:38 UTC | CC | dwmw2 | |
| Huzaifa S. Sidhpurwala | 2021-06-24 07:06:29 UTC | Depends On | 1975652, 1975651, 1975653, 1975650 | |
| Huzaifa S. Sidhpurwala | 2021-06-24 07:10:34 UTC | Fixed In Version | vsftpd 3.0.4, nginx 1.21.0, sendmail 8.17 | |
| Tomas Hoger | 2021-06-24 09:54:13 UTC | Summary | CVE-2021-3618 ALPACA: Application Layer Protocol Confusion -Analyzing and Mitigating Cracks in TLS Authentication | CVE-2021-3618 ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication |
| Yasuhiro Ozone | 2021-06-24 10:27:32 UTC | CC | yozone | |
| Yasuhiro Ozone | 2021-06-24 10:33:45 UTC | Flags | needinfo+ | |
| Yasuhiro Ozone | 2021-06-24 10:34:50 UTC | Flags | needinfo?(huzaifas) | |
| Huzaifa S. Sidhpurwala | 2021-06-24 10:50:51 UTC | Flags | needinfo?(huzaifas) | |
| Huzaifa S. Sidhpurwala | 2021-06-24 10:52:16 UTC | Depends On | 1975746, 1975749, 1975744, 1975745, 1975747 | |
| Yasuhiro Ozone | 2021-06-24 11:48:54 UTC | Flags | needinfo?(huzaifas) | |
| Gianluca Gabrielli | 2021-06-24 13:16:52 UTC | CC | tuxmealux+redhatbz | |
| Guilherme de Almeida Suckevicz | 2021-06-24 13:50:13 UTC | Blocks | 1975822 | |
| Huzaifa S. Sidhpurwala | 2021-06-24 14:56:39 UTC | Flags | needinfo?(huzaifas) | |
| Huzaifa S. Sidhpurwala | 2021-06-29 05:12:38 UTC | Depends On | 1977146, 1977147 | |
| Yasuhiro Ozone | 2021-06-29 05:38:47 UTC | Flags | needinfo?(huzaifas) | |
| Huzaifa S. Sidhpurwala | 2021-06-30 03:15:02 UTC | Flags | needinfo?(huzaifas) | |
| Tapas Jena | 2021-07-07 16:32:54 UTC | CC | bcoca, chousekn, davidn, jcammara, jhardy, jobarker, osapryki, relrod, sdoran, tkuratom | |
| Tapas Jena | 2021-07-07 16:34:47 UTC | Depends On | 1980043, 1980042 | |
| Red Hat Bugzilla | 2021-11-02 15:42:04 UTC | CC | notting | |
| Red Hat Bugzilla | 2021-12-15 11:50:52 UTC | CC | cmeyers | |
| Red Hat Bugzilla | 2021-12-20 17:33:29 UTC | CC | sdoran | |
| Red Hat Bugzilla | 2021-12-31 23:40:25 UTC | CC | msehnout | |
| Huzaifa S. Sidhpurwala | 2022-02-08 04:45:04 UTC | CC | icesalov | |
| | | Flags | needinfo?(huzaifas) | |
| | | Flags | needinfo?(huzaifas) | |
| Red Hat Bugzilla | 2022-03-31 22:36:45 UTC | CC | aegorenk | |
| Red Hat Bugzilla | 2022-04-23 04:25:45 UTC | CC | chousekn | |
| Guilherme de Almeida Suckevicz | 2022-09-09 14:42:21 UTC | Blocks | 1986789 | |
| Nikhil Bhumkar | 2023-02-02 10:52:45 UTC | CC | nbhumkar | |
| Red Hat Bugzilla | 2023-07-07 08:33:24 UTC | CC | adudiak, kshier, stcannon, tfister, yguenane | |
| | | Depends On | 2175896 | |
| | | Depends On | 2175929 | |
| | | Assignee | security-response-team | nobody |