You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Yannic Noller (JIRA)" <ji...@apache.org> on 2018/04/18 08:47:00 UTC

[jira] [Updated] (FTPSERVER-485) Timing Side Channel PasswordEncryptor

     [ https://issues.apache.org/jira/browse/FTPSERVER-485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yannic Noller updated FTPSERVER-485:
------------------------------------
    Description: 
Dear Apache FTPServer developers,


We have found a timing side-channel in class org.apache.ftpserver.usermanager.ClearTextPasswordEncryptor, method "public boolean matches(String passwordToCheck, String storedPassword)". This is due to the use of String.equals for comparison which returns as soon as a character does not match. This represents a timing side channel, which could be used by a potential attacker to obtain knowledge about the hidden secret password.
Do you agree with our findings?

A similar issue is present in method "matches" from classes org.apache.ftpserver.usermanager.Md5PasswordEncryptor and org.apache.ftpserver.usermanager.SaltedPasswordEncryptor.

We found these classes in the latest version of your git repo: https://git-wip-us.apache.org/repos/asf?p=mina-ftpserver.git;a=summary

The problem can be fixed easily by using the following safe version for String comparison in all three methods:

public boolean isEqual_safe(String a, String b) {
 if (a == b) {
 return true;
 }
 char a_value[] = a.toCharArray();
 char b_value[] = b.toCharArray();
 if (a_value.length != b_value.length) {
 return false;
 }
 boolean match = true;
 for (int i = 0; i < a_value.length; i++) {
 match &= a_value[i] == b_value[i];
 }
 return match;
 }

Do you agree with our patch proposal?

Please feel free to contact us for further clarification! You can reach us by the following email address:
yannic.noller@informatik.hu-berlin.de


Best regards,
Yannic Noller

  was:
Dear Apache FTPServer developers,


We have found a timing side-channel in class org.apache.ftpserver.usermanager.ClearTextPasswordEncryptor, method "public boolean matches(String passwordToCheck, String storedPassword)". This is due to the use of String.equals for comparison which returns as soon as a character does not match. This represents a timing side channel, which could be used by a potential attacker to obtain knowledge about the hidden secret password.
Do you agree with our findings?

A similar issue is present in method "matches" from classes org.apache.ftpserver.usermanager.Md5PasswordEncryptor and org.apache.ftpserver.usermanager.SaltedPasswordEncryptor.

We found these classes in the latest version of your git repo: https://git-wip-us.apache.org/repos/asf?p=mina-ftpserver.git;a=summary

The problem can be fixed easily by using the following safe version for String comparison in all three methods:

public boolean isEqual_safe(String a, String b) {
 if (a == b) {
 return true;
 }
 char a_value[] = a.toCharArray();
 char b_value[] = b.toCharArray();
 if (a_value.length != b_value.length) {
 return false;
 }
 boolean match = true;
 for (int i = 0; i < a_value.length; i++) {
 match &= a_value[i] != b_value[i];
 }
 return match;
 }

Do you agree with our patch proposal?

Please feel free to contact us for further clarification! You can reach us by the following email address:
yannic.noller@informatik.hu-berlin.de


Best regards,
Yannic Noller


> Timing Side Channel PasswordEncryptor
> -------------------------------------
>
>                 Key: FTPSERVER-485
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-485
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.1.1
>         Environment: tested on macOS High Sierra 10.13.4, but it is not relevant
>            Reporter: Yannic Noller
>            Priority: Major
>              Labels: easyfix, pull-request-available
>             Fix For: 1.1.2
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Dear Apache FTPServer developers,
> We have found a timing side-channel in class org.apache.ftpserver.usermanager.ClearTextPasswordEncryptor, method "public boolean matches(String passwordToCheck, String storedPassword)". This is due to the use of String.equals for comparison which returns as soon as a character does not match. This represents a timing side channel, which could be used by a potential attacker to obtain knowledge about the hidden secret password.
> Do you agree with our findings?
> A similar issue is present in method "matches" from classes org.apache.ftpserver.usermanager.Md5PasswordEncryptor and org.apache.ftpserver.usermanager.SaltedPasswordEncryptor.
> We found these classes in the latest version of your git repo: https://git-wip-us.apache.org/repos/asf?p=mina-ftpserver.git;a=summary
> The problem can be fixed easily by using the following safe version for String comparison in all three methods:
> public boolean isEqual_safe(String a, String b) {
>  if (a == b) {
>  return true;
>  }
>  char a_value[] = a.toCharArray();
>  char b_value[] = b.toCharArray();
>  if (a_value.length != b_value.length) {
>  return false;
>  }
>  boolean match = true;
>  for (int i = 0; i < a_value.length; i++) {
>  match &= a_value[i] == b_value[i];
>  }
>  return match;
>  }
> Do you agree with our patch proposal?
> Please feel free to contact us for further clarification! You can reach us by the following email address:
> yannic.noller@informatik.hu-berlin.de
> Best regards,
> Yannic Noller



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)