Difference between revisions of "Channel Binding"
From MgmtWiki
(→Full Title or Meme) |
(→Problem) |
||
| Line 5: | Line 5: | ||
==Problem== | ==Problem== | ||
| − | Channel Rely | + | Channel Rely is an attack against an [[Authentication]] process in certain scenarios. If an attacker manages to elicit a client to connect to him, that attacker could take advantage of the authentication mechanism and use it to authenticate against a third party server on which the client has an account with identical credentials. In addition, the attacker could even authenticate against a service running on the client itself. However, an attacker could never learn the user’s password. |
==Solution== | ==Solution== | ||
Revision as of 17:40, 19 August 2018
Full Title or Meme
The process of binding an Authentication process to a secure channel that has been established between two communicating end-points.
Context
Problem
Channel Rely is an attack against an Authentication process in certain scenarios. If an attacker manages to elicit a client to connect to him, that attacker could take advantage of the authentication mechanism and use it to authenticate against a third party server on which the client has an account with identical credentials. In addition, the attacker could even authenticate against a service running on the client itself. However, an attacker could never learn the user’s password.
