Impact
The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’s execution times.
The vulnerability is shown in figure 8.1, where both the username and password are compared with a short-circuiting equality operation.
if user != proxy.basicAuth.Username || pass != proxy.basicAuth.Password {It is currently undetermined what an attacker may be able to do with access to the proxy password.
Patches
- Dragonfy v2.1.0 and above.
Workarounds
There are no effective workarounds, beyond upgrading.
References
A third party security audit was performed by Trail of Bits, you can see the full report.
If you have any questions or comments about this advisory, please email us at [email protected].
Impact
The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’s execution times.
The vulnerability is shown in figure 8.1, where both the username and password are compared with a short-circuiting equality operation.
It is currently undetermined what an attacker may be able to do with access to the proxy password.
Patches
Workarounds
There are no effective workarounds, beyond upgrading.
References
A third party security audit was performed by Trail of Bits, you can see the full report.
If you have any questions or comments about this advisory, please email us at [email protected].