The new attack, dubbed ALPACA, has been described as an “application layer protocol content confusion attack.”
“TLS is widely used to add confidentiality, authenticity and integrity to application layer protocols such as HTTP, SMTP, IMAP, POP3, and FTP. However, TLS does not bind a TCP connection to the intended application layer protocol. This allows a man-in-the-middle attacker to redirect TLS traffic to a different TLS service endpoint on another IP address and/or port,” the researchers explained in a paper made public this week.
“For example, if subdomains share a wildcard certificate, an attacker can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attack may be possible where the behavior of one service may compromise the security of the other at the application layer,” they added.