oss-sec mailing list archives
CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor"
From: Justin Bull <me () justinbull ca>
Date: Sun, 6 Sep 2015 11:55:41 -0400
Hello again, I’d like to request a CVE ID for the following: == Affected Software: == Devise-Two-Factor Authentication (https://github.com/tinfoil/devise-two-factor) By Tinfoil Security (https://www.tinfoilsecurity.com/) Devise-two-factor is a minimalist extension to Devise which offers support for two-factor authentication, through the TOTP scheme. This enables Ruby on Rails applications to have strong two-factor authentication in their auth/auth flow. == Versions Affected: == All versions. == Fixed Versions: == None. == Description of Vulnerability: == The library’s use of TOTP for Two-Factor Authentication is not fully compliant with Section 5.2 of RFC 6238[1] and does not “burn” a successfully validated OTP. When the prover (end user) sends a valid OTP to the verifier (web app), the verifier must not accept subsequent submissions of the same OTP in that given time-step. That is, in order to maintain the “One-Time” aspect of a One-Time Password, it can be used once and only once. == Impact / Attack: == Given an attacker already knows a victim’s credentials, they could "shoulder surf" the victim’s second factor device, obtaining the OTP, and login with the known credentials & OTP within the current time-step (a default 30 second window). This defeats two-factor authentication for the duration of the time-step. Alternatively, an attacker could Man-in-The-Middle the connection between the prover and verifier, and replay the OTP & credentials within the given time-step. This however is not as much as a concern since, if an attacker can MITM the connection, they can just obtain the granted session secret from the response instead. Although a narrow vulnerability, it remains a valid security issue that’s been explicitly called out in the RFC[1]. == Solution: == Use the library’s implicit access to a persistence layer to store “burned” OTPs, preventing multiple uses of an OTP in a given time-step. Proposed fix pending vendor acceptance and release[2]. == Previously Requested: == Not to my knowledge. == Acknowledgements: == Thanks to Viliam Holub (https://github.com/vilda) for originally reporting the issue[3]. Thanks to Shane Wilton of Tinfoil Security (https://github.com/ShaneWilton) for validating my suggested solution. == References:== [1]: https://tools.ietf.org/html/rfc6238#section-5.2 [2]: https://github.com/tinfoil/devise-two-factor/pull/43 [3]: https://github.com/tinfoil/devise-two-factor/issues/30 Best Regards, Justin Bull PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" Justin Bull (Sep 06)
- Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" Justin Bull (Sep 16)
- Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" cve-assign (Sep 17)