phpMyAdmin 4.4.6 Man-In-the-Middle to API Github (CVE-2015-3903)
Author: Maksymilian Arciemowicz from https://cxsecurity.com
Issue type: CWE-295
Source URL:
http://cxsecurity.com/issue/WLB-2015050095
— Description —
As we can read
CURLOPT_SSL_VERIFYPEER option.
http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
WARNING: disabling verification of the certificate allows bad guys to man-in-the-middle the communication without you knowing it. Disabling verification makes the communication insecure. Just having encryption on a transfer is not enough as you cannot be sure that you are communicating with the correct end-point.
CURLOPT_SSL_VERIFYHOST option.
http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
When the verify value is 0, the connection succeeds regardless of the names in the certificate. Use that ability with caution!
— MItM in libraries/Config.class.php —
Let's see libraries/Config.class.php file
where checkHTTP() is vulnerable for MItM attack
https://cwe.mitre.org/data/definitions/295.html
Example target URL:
https://api.github.com/repos/phpmyadmin/phpmyadmin/git/trees/master
— Credit —
Issue discovered by Maksymilian Arciemowicz from http://cxsecurity.com by using cIFrex (static code analysis tool http://cifrex.org ).
— Patch —
http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php
http://cxsecurity.com/issue/WLB-2015050095