Date: Sun, 6 Sep 2015 11:55:41 -0400 From: Justin Bull <me@...tinbull.ca> To: oss-security@...ts.openwall.com Subject: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" Hello again, I’d like to request a CVE ID for the following: == Affected Software: == Devise-Two-Factor Authentication (https://github.com/tinfoil/devise-two-factor) By Tinfoil Security (https://www.tinfoilsecurity.com/) Devise-two-factor is a minimalist extension to Devise which offers support for two-factor authentication, through the TOTP scheme. This enables Ruby on Rails applications to have strong two-factor authentication in their auth/auth flow. == Versions Affected: == All versions. == Fixed Versions: == None. == Description of Vulnerability: == The library’s use of TOTP for Two-Factor Authentication is not fully compliant with Section 5.2 of RFC 6238 and does not “burn” a successfully validated OTP. When the prover (end user) sends a valid OTP to the verifier (web app), the verifier must not accept subsequent submissions of the same OTP in that given time-step. That is, in order to maintain the “One-Time” aspect of a One-Time Password, it can be used once and only once. == Impact / Attack: == Given an attacker already knows a victim’s credentials, they could "shoulder surf" the victim’s second factor device, obtaining the OTP, and login with the known credentials & OTP within the current time-step (a default 30 second window). This defeats two-factor authentication for the duration of the time-step. Alternatively, an attacker could Man-in-The-Middle the connection between the prover and verifier, and replay the OTP & credentials within the given time-step. This however is not as much as a concern since, if an attacker can MITM the connection, they can just obtain the granted session secret from the response instead. Although a narrow vulnerability, it remains a valid security issue that’s been explicitly called out in the RFC. == Solution: == Use the library’s implicit access to a persistence layer to store “burned” OTPs, preventing multiple uses of an OTP in a given time-step. Proposed fix pending vendor acceptance and release. == Previously Requested: == Not to my knowledge. == Acknowledgements: == Thanks to Viliam Holub (https://github.com/vilda) for originally reporting the issue. Thanks to Shane Wilton of Tinfoil Security (https://github.com/ShaneWilton) for validating my suggested solution. == References:== : https://tools.ietf.org/html/rfc6238#section-5.2 : https://github.com/tinfoil/devise-two-factor/pull/43 : https://github.com/tinfoil/devise-two-factor/issues/30 Best Regards, Justin Bull PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ