Academics from three German universities have found a vulnerability in the Transport Layer Security (TLS) protocol that under limited circumstances allows the theft of session cookies and enables cross-site scripting attacks.
Dubbed ALPACA, which is short for "Application Layer Protocol Confusion – Analyzing and Mitigating Cracks in TLS Authentication," the researcher's findings are described in an academic paper [PDF] that's scheduled to be presented in August at Black Hat USA 2021 and the USENIX Security Symposium 2021.
The researchers – Marcus Brinkmann, Robert Merget, Jörg Schwenk, Jens Müller of Ruhr University Bochum, Christian Dresen, Damian Poddebniak, and Sebastian Schinzel of Münster University of Applied Sciences, Juraj Somorovsky of Paderborn University – have discovered that TLS, because it's independent from the application layer in the standard networking ..
Support the originator by clicking the read the rest link below.
