Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim’s web browser to a different TLS service endpoint. The ALPACA attacks have been dubbed ALPACA, short for “Application Layer Protocol Confusion – Analyzing and mitigating Cracks in tls Authentication,” by a group of academics from Ruhr University Bochum, M..nster University of Applied Sciences, and Paderborn University. The findings are expected to be presented at Black Hat USA 2021 and at USENIX Security Symposium 2021.
Source: https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html