[8.x] Patch for timeless timing attack vulnerability in user login #44069
+198
−20
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…sleep as part of the test. This is necessary because usleep on Windows is unreliable, and other tests that uses CPU (for instance by using usleep) that run simultaneously are then affecting the tests in SupportHelpersTests.php that asserts based on the used time.
GrahamCampbell
requested changes
Sep 12, 2022
driesvints
changed the title
X-Coder264
reviewed
Sep 13, 2022
Jubeki
reviewed
Sep 14, 2022
…Added config option for validateCredentialsMinimumTime per guard
|
I merged this into 9.x as well so this will be included in the next release. |
|
Thank you for the PR. |
|
May be correctly create this timeout in AuthManager and fix this attack for all drivers (not only Session) ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Timebox class
This new Timebox class makes a callable execute for at least the supplied amount of time.
This helps us guard against timing attacks at the application.
Timeless timing attacks
The authentication method is currently vulnerable to user enumeration via timeless timing attacks.
This is caused by the early return inside the
hasValidCredentialsmethod in theIlluminate\Auth\SessionGuardclass.If the user does not exist most of the code in that method will not be called and thus the execution time will be a tiny bit shorter.
With traditional timing attacks this would not be practical to utilize because of the large sample sizes needed, but timeless timing attacks which uses the HTTP/2 multiplexing protocol can with high accuracy measure timing differences between two calls to a remote server on 20 microseconds with a sample size of only 6 request pairs.
This means that most throttling/max attempts/DoS attack protection etc will not be triggered, and it is suddently very practical to harvest existing emails for a site (user enumeration).
User enumeration in itself is a security problem for some sites (where users dont want others to know they are using that site), but in general user enumeration can be used in tandem with other attacks (e.g. brute-forcing passwords or using previously leaked passwords).
The patch
That is why the new Timebox class is also implemented inside the
hasValidCredentialsmethod in this PR.A demo script that can be used to exploit the user enumeration can be found here.
The changes in this PR add a minimum execution time for the
hasValidCredentialsmethod of 200 milliseconds.But if the credentials are correct the timebox will be escaped and the user would not have to wait.
So this change only affects users typing the wrong credentials.
This pull request is opened with permission from Taylor via e-mail.
More in depth explanation of timeless timing attacks can be found here.