[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Subversion authentication security issue (svnserve, MITM)

From: Navrotskiy Artem <bozaro_at_ya.ru>
Date: Fri, 16 Jan 2015 10:35:46 +0300


Subversion includes many types of connection:

 * svnserve - plain password over network
 * svnserve + ssh - secure, but unusable slow
 * http - plain password over network
 * https - secure

In the case of svnserver default instead of the password hash is transmitted over the network, and this configuration looks like a safe.
But this is not so, because the MITM-server can request SASL PLAIN-authorization. In this situation, the client is unable to authenticate the server and sends the password in plain text without warning.

Configuration svnserver + ssh even in local network adds more overhead to establish the connection (I have 0.3 seconds per connection). Console svn client reconnects too often (eg, svn status -u A.txt B.txt C.txt produces 6 serial connections).

As a solution to this problem, it seems reasonable wrapping svnserver protocol SSL.
This will, at least to check the validity of the server on the client side. And svnserver + ssl looks cheaper than svnserver + ssh in terms of overhead.

Best regards
Navrotskiy Artem
Received on 2015-01-16 08:36:15 CET

This is an archived mail posted to the Subversion Dev mailing list.