💾 Archived View for gemini.thegonz.net › glog › 221008-diohscSecurityUpdate.gmi captured on 2023-01-29 at 03:08:05. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Today I noticed a very stupid security bug in my Gemini client, diohsc, which could potentially be used to circumvent TOFU and run a MitM attack.
If you use diohsc, please upgrade to the latest version (0.1.12); typically you can do this by running "cabal update && cabal install diohsc".
The bug is as simple as it is stupid. If you navigate to a capsule whose certificate you trust, e.g. because it's saved in your known_hosts directory after explicitly trusting it previously, then the fact that it is trusted is stored in RAM so future connections don't require disk access. But when checking certificates against those stored this way, in the buggy versions only the certificate itself is considered, and not the hostname. Upshot: if you go to one capsule where you trust the certificate, the owner of that certificate could then use it to MitM your subsequent connections to *any* host. Oops.