New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim s web browser to a different TLS service endpoint located on another IP address to steal sensitive information.
The attacks have been dubbed ALPACA, short for Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication, by a group of academics from Ruhr University Bochum, Münster University of Applied Sciences, and Paderborn University. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session, the study said. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.