Описание
Invalid Curve Attack in openpgp
Versions of openpgp prior to 4.3.0 are vulnerable to an Invalid Curve Attack. The package's implementation of ECDH fails to verify the validity of the communication partner's public key. The package calculates the resulting key secret based on an altered curve instead of the specified elliptic curve. Attackers may exfiltrate the victim's private key by choosing the altered curve. An attack requires the attacker being able to initiate message decryption and record the result. Furthermore the victim's key must offer an ECDH public key.
Recommendation
Upgrade to version 4.3.0 or later.
If you are upgrading from a version <4.0.0 it is highly recommended to read the High-Level API Changes section of the openpgp 4.0.0 release: https://github.com/openpgpjs/openpgpjs/releases/tag/v4.0.0
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-9155
- https://github.com/openpgpjs/openpgpjs/pull/853
- https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e
- https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0
- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
- https://snyk.io/vuln/SNYK-JS-OPENPGP-460225
- https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1
- https://www.npmjs.com/advisories/1159
- http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
Пакеты
openpgp
< 4.3.0
4.3.0
Связанные уязвимости
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is ...