Spoofing FIDO2 tokens and SSH-Askpass #89
Replies: 5 comments
-
Presentation about "trivial success authentication"

I have uploaded a presentation for those who are interested in "trivial success authentication". The exploit in the presentation is only a proof of concept. The problem with that example is that SSH-MITM always tries to spoof a FIDO2 token. This breaks the login process of clients if they want to use password authentication. For a full implementation, the MITM server must check if the client wants to log in with publickey authentication and only spoof those connections.
-
Question: You wrote that PuTTY and Dropbear have implemented patches to mitigate spoofing FIDO2 tokens, but support for FIDO2 is only implemented in OpenSSH. Why are other clients affected by this kind of spoofing attack?

Answer: Most clients are able to use different agent implementations. If you are using PuTTY on a Linux machine, it's likely that you are using the OpenSSH agent implementation. This is the reason why PuTTY and Dropbear have accepted the patches against this spoofing attack.
-
Full support for "trivial success authentication" is implemented in the develop branch, for those who want to try out the new feature. Install SSH-MITM from the develop branch:
Start SSH-MITM with trivial authentication enabled:
-
How to intercept sessions with FIDO2 tokens or SSH-Askpass

When intercepting FIDO2 tokens and SSH-Askpass protected keys, there is no difference for a MITM server. In this example, SSH-Askpass is used, because it's easier for most users and no FIDO2 tokens are required. The first step is to configure SSH-Askpass on the client side. In this example, we are using the ssh-askpass version from SSH-MITM. If you have SSH-Askpass installed on your system, you can use that version. Configure SSH-Agent to use SSH-Askpass:

Start SSH-MITM

It's recommended to start SSH-MITM with a fallback host, because when a client uses publickey authentication but does not forward the agent, a login to the remote server is not possible. The default behavior is that the connection will be closed. To avoid closing the connection, the client can be redirected to a honeypot, where the client can interact with a fake system.

```
ssh-mitm --enable-trivial-auth --fallback-host user:password@fallbackhost:port
```

Client connects to ssh-mitm

Agent forwarding is recommended, but it should also work without it if you have configured a fallback host.
You should be prompted with only one dialog.

FAQ

Q: I'm getting a password prompt instead of a dialog from SSH-Askpass.
A: Your client is not allowed to log in with publickey authentication to the remote server. You must configure publickey authentication on the remote server (authorized_keys file) and check if you can log in without intercepting with SSH-MITM. If the connection works without SSH-MITM, you can try to intercept the connection, and spoofing the FIDO2 token or SSH-Askpass should work.
-
I have written documentation about "trivial authentication": https://docs.ssh-mitm.at/trivialauth.html In the next days, I will create a new release (1.0.0), which will include full support 😃
-
Thanks for the great support and reaching more than 500 ⭐ 😊.
In the next days, I will implement the full spoofing attack in SSH-MITM.
Today I had a talk at DeepSec 2021, where I presented this vulnerability for the first time: https://deepsec.net/speaker.html#PSLOT525
This spoofing attack is called "trivial success authentication" and can be used to spoof various security features like FIDO2 tokens.
The patches for OpenSSH, Dropbear and PuTTY were developed by Simon Tatham (PuTTY), Matt Johnston (Dropbear) and me (AUT-milCERT).
Vulnerable clients:
Most clients are vulnerable.
OpenSSH: CVE-2021-36368 (closed pull request: openssh/openssh-portable#258)
Fixed clients:
Dropbear: This vulnerability is patched in Dropbear (CVE-2021-36368): mkj/dropbear#128
PuTTY >= 0.71 has trust sigils against spoofing attacks. The trust sigil system was introduced to mitigate a spoofing attack against local passwords (e.g. password protected keys)
Since 0.76, there is also an option for advanced mitigations:
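The thread describes the attack ("trivial success authentication") and the client-side patches against it without showing the message exchange. The following is an added example, written for this page and not code from SSH-MITM, OpenSSH, Dropbear or PuTTY. It models the publickey method of the SSH authentication protocol (message numbers and field layout from RFC 4252): a client first sends an unsigned "is this key acceptable?" query, an honest server answers PK_OK and only grants SUCCESS for a valid signature, while a trivial-auth server answers SUCCESS to the unsigned query, so the client is "authenticated" without its token or askpass dialog ever being used for this hop. The `Client` class tracks whether a signature was ever sent and, when the mitigation is enabled, refuses a SUCCESS that arrives before one. The key blob, the `toy_sign`/`toy_verify` pair and the `Client` state machine are constructed stand-ins, not real cryptography or the real clients' logic.

```python
import struct

# Message numbers from RFC 4252 (SSH Authentication Protocol).
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_USERAUTH_PK_OK = 60


def _string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def build_publickey_request(user, service, algo, blob, signature=None):
    """RFC 4252 section 7 publickey request. With signature=None this is the
    key-acceptability query: the boolean is FALSE and no signature follows."""
    msg = (bytes([SSH_MSG_USERAUTH_REQUEST]) + _string(user) + _string(service)
           + _string(b"publickey") + bytes([0 if signature is None else 1])
           + _string(algo) + _string(blob))
    if signature is not None:
        msg += _string(signature)
    return msg


def parse_publickey_request(msg):
    if msg[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    off = 1
    user, off = _read_string(msg, off)
    service, off = _read_string(msg, off)
    method, off = _read_string(msg, off)
    if method != b"publickey":
        raise ValueError("only the publickey method is modelled here")
    has_sig = msg[off] == 1
    off += 1
    algo, off = _read_string(msg, off)
    blob, off = _read_string(msg, off)
    sig = None
    if has_sig:
        sig, off = _read_string(msg, off)
    return {"user": user, "service": service, "has_signature": has_sig,
            "algo": algo, "blob": blob, "signature": sig}


def honest_server_respond(msg, verify):
    """Normal flow: unsigned query -> PK_OK; SUCCESS only for a valid signature."""
    req = parse_publickey_request(msg)
    if not req["has_signature"]:
        return bytes([SSH_MSG_USERAUTH_PK_OK]) + _string(req["algo"]) + _string(req["blob"])
    if verify(req["blob"], req["signature"]):
        return bytes([SSH_MSG_USERAUTH_SUCCESS])
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + _string(b"publickey") + b"\x00"


def trivial_auth_server_respond(msg):
    """Spoofing server: SUCCESS for the unsigned query, so no signature (and
    therefore no token touch or passphrase prompt) is needed for this hop."""
    parse_publickey_request(msg)  # must still be a well-formed request
    return bytes([SSH_MSG_USERAUTH_SUCCESS])


class Client:
    """Constructed model of a client. Remembers whether a signature was sent;
    with disconnect_on_trivial=True a SUCCESS arriving before any signature
    is refused instead of being treated as a completed login."""

    def __init__(self, disconnect_on_trivial=True):
        self.disconnect_on_trivial = disconnect_on_trivial
        self.sent_signature = False

    def send(self, msg):
        if parse_publickey_request(msg)["has_signature"]:
            self.sent_signature = True
        return msg

    def receive(self, reply):
        code = reply[0]
        if code == SSH_MSG_USERAUTH_PK_OK:
            return "pk_ok"
        if code == SSH_MSG_USERAUTH_FAILURE:
            return "failure"
        if code == SSH_MSG_USERAUTH_SUCCESS:
            if not self.sent_signature and self.disconnect_on_trivial:
                return "rejected: success without signature"
            return "authenticated"
        raise ValueError("unexpected message %d" % code)


def run_session(server, client, sign):
    """One publickey authentication: query first, sign only if asked to."""
    blob = b"toy-public-key-blob"  # constructed placeholder, not a real key
    query = client.send(build_publickey_request(b"user", b"ssh-connection", b"toy-alg", blob))
    verdict = client.receive(server(query))
    if verdict != "pk_ok":
        return verdict
    signed = build_publickey_request(b"user", b"ssh-connection", b"toy-alg", blob, sign(blob))
    return client.receive(server(client.send(signed)))


# Toy signature scheme standing in for the agent (token touch / askpass).
def toy_sign(blob):
    return b"sig:" + blob


def toy_verify(blob, sig):
    return sig == b"sig:" + blob


def demo():
    honest = lambda m: honest_server_respond(m, toy_verify)
    return {
        "honest": run_session(honest, Client(), toy_sign),
        "mitm_unpatched_client": run_session(trivial_auth_server_respond,
                                             Client(disconnect_on_trivial=False), toy_sign),
        "mitm_patched_client": run_session(trivial_auth_server_respond, Client(), toy_sign),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

Against the honest server the client signs once and is authenticated; against the trivial-auth server the unpatched client reports "authenticated" without having signed anything, which is exactly the state in which a forwarded agent can then be asked to sign for a different destination, while the patched client refuses the premature SUCCESS.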