In this case, the vulnerability occurs due to the following code.
Here, a untrusted input, sourced from a HTTP header, is compared directly with a secret.
Since, this comparision is not secure, an attacker can mount a side-channel timing attack to guess the password.
From d18cff85e1a565f688f717fd8f2cacea62ff9dbf Mon Sep 17 00:00:00 2001
From: Porcupiney Hairs <porcupiney.hairs@protonmail.com>
Date: Sun, 7 May 2023 01:03:33 +0530
Subject: [PATCH] Fix : Timing attack
---
auth.go | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/auth.go b/auth.go
index 1be96e9..be13f23 100644
--- a/auth.go
+++ b/auth.go
@@ -2,6 +2,7 @@ package gost
import (
"bufio"
+ "crypto/subtle"
"io"
"strings"
"sync"
@@ -43,7 +44,8 @@ func (au *LocalAuthenticator) Authenticate(user, password string) bool {
}
v, ok := au.kvs[user]
- return ok && (v == "" || password == v)
+ passOk := subtle.ConstantTimeCompare([]byte(password), []byte(v)) == 0
+ return ok && (v == "" || passOk)
}
// Add adds a key-value pair to the Authenticator.
--
2.25.1
porcupineyhairs Finder
Timing attacks occur when an attacker can guess a secret by observing a difference in processing time for valid and invalid inputs. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparision function.
More information on this attack type can be found in this blog post.
Root Cause Analysis
In this case, the vulnerability occurs due to the following code.
gost/auth.go
Line 46 in 1c62376
Here, a untrusted input, sourced from a HTTP header, is compared directly with a secret.
Since, this comparision is not secure, an attacker can mount a side-channel timing attack to guess the password.
Remediation
This can be easily fixed using a constant time comparing function such as
crypto/subtle'sConstantTimeCompare.An example fix can be found in runatlantis/atlantis@4887091 Alternatively, one can apply the patch below