
Password dependent timing side channel in AuthCredentials #439

Closed
madblobfish opened this issue Jan 18, 2018 · 2 comments

@madblobfish
commented Jan 18, 2018

In https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/user/AuthCredentials.java#L170 passwords are hashed and then compared using java.util.Arrays.equals.

Arrays.equals seems to provide a timing side channel (tested this here); the leakage of password data should be prevented.
The result is that an attacker can find out the credentials faster than with a normal brute-force attack. It is not impossible to use this attack over the internet, but it is even more dangerous when used over the LAN or from the same machine: http://www.cs.rice.edu/~dwallach/pub/crosby-timing2009.pdf

Note: There are tools which automate the attack, e.g.: https://github.com/aj-code/TimingIntrusionTool5000

@floragunncom

Owner

commented Jan 18, 2018

Thanks for reporting this. We will fix this by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant. Since Arrays.equals() here is used only to determine if the user credentials are cached (or not), we do not believe, as of now, that this is a real attack vector which could be exploited in the wild.
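The comparison reported above and the replacement the maintainer names, side by side with a crude timing probe. This is an added example written for this page, not Search Guard's AuthCredentials code: the class and method names are made up, the "stored" value is a constructed SHA-256 of a sample string rather than whatever hash Search Guard keeps in its cache, and the probe compares the stored digest against candidates that share 0, 8, 16, 24 or 31 leading bytes with it. Arrays.equals returns at the first mismatching byte (on current HotSpot the intrinsic compares a word at a time, so the step is coarser but still data-dependent), which is the leak the report describes; MessageDigest.isEqual examines the whole array regardless of where the first difference is (documented as time-constant since JDK 6u17 / JDK 7; earlier JDKs short-circuited too).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/**
 * Added example (not Search Guard code): the leaky comparison from the issue
 * beside the fix the maintainer chose, plus a crude local timing probe.
 */
public class HashCompareTiming {

    /** Vulnerable: Arrays.equals returns at the first mismatching byte, so run time
     *  grows with the length of the prefix the candidate shares with the stored hash. */
    static boolean leakyEquals(byte[] stored, byte[] candidate) {
        return Arrays.equals(stored, candidate);
    }

    /** Fixed: MessageDigest.isEqual walks the whole array regardless of where the
     *  first mismatch is (time-constant in JDK 6u17 / JDK 7 and later). */
    static boolean constantTimeEquals(byte[] stored, byte[] candidate) {
        return MessageDigest.isEqual(stored, candidate);
    }

    /** Constructed stand-in for "the stored hash"; a real password store would use
     *  a slow, salted hash (bcrypt, PBKDF2, ...), not a bare SHA-256. */
    static byte[] sha256(String s) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    /** Candidate that matches {@code stored} in its first {@code prefix} bytes and
     *  differs in every byte after that, so the first mismatch sits exactly at {@code prefix}. */
    static byte[] candidateWithPrefix(byte[] stored, int prefix) {
        byte[] c = stored.clone();
        for (int i = prefix; i < c.length; i++) {
            c[i] ^= (byte) 0xFF;
        }
        return c;
    }

    /** Nanoseconds spent on {@code iters} comparisons with the leaky or the fixed comparator. */
    static long measure(boolean fixed, byte[] stored, byte[] candidate, int iters) {
        int matches = 0;
        long start = System.nanoTime();
        for (int i = 0; i < iters; i++) {
            boolean eq = fixed ? constantTimeEquals(stored, candidate)
                               : leakyEquals(stored, candidate);
            matches += eq ? 1 : 0;
        }
        long elapsed = System.nanoTime() - start;
        // Every candidate built by candidateWithPrefix(prefix < length) differs from stored;
        // checking the count also keeps the loop's result live so the JIT cannot drop it.
        if (matches != 0) {
            throw new AssertionError("candidate unexpectedly matched the stored hash");
        }
        return elapsed;
    }

    public static void main(String[] args) throws Exception {
        byte[] stored = sha256("correct horse battery staple"); // constructed sample secret
        int iters = 5_000_000;
        int[] prefixes = {0, 8, 16, 24, 31};

        for (boolean fixed : new boolean[] {false, true}) {
            // Warm-up pass so both comparators are JIT-compiled before timing starts.
            measure(fixed, stored, candidateWithPrefix(stored, 0), iters);
            System.out.println(fixed ? "MessageDigest.isEqual" : "Arrays.equals");
            for (int p : prefixes) {
                long ns = measure(fixed, stored, candidateWithPrefix(stored, p), iters);
                System.out.printf("  %2d matching prefix bytes: %.2f ns/compare%n",
                                  p, (double) ns / iters);
            }
        }
    }
}
```

Compile and run with `javac HashCompareTiming.java && java HashCompareTiming`. The numbers are noisy (JIT, CPU frequency scaling, other load), so read them as a trend across the prefix lengths rather than as exact values: with Arrays.equals the per-compare cost should rise with the number of matching leading bytes, with MessageDigest.isEqual it should stay flat. Over a network the per-byte difference is far below the jitter of a single request, which is why the cited Crosby et al. paper and the tooling linked in the report rely on many samples and statistical filtering; a local or same-LAN attacker needs far fewer. The fix also depends on the JDK: only JDK 6u17 / JDK 7 and later make MessageDigest.isEqual time-constant, so a deployment on an older runtime gets no benefit from the swap.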

floragunncom added a commit that referenced this issue Jan 19, 2018

Fix "Password dependent timing side channel in AuthCredentials" #439
…by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.

floragunncom added a commit that referenced this issue Feb 2, 2018

Fix "Password dependent timing side channel in AuthCredentials" #439
…by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.

floragunncom added a commit that referenced this issue Feb 7, 2018

Fix "Password dependent timing side channel in AuthCredentials" #439
…by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.

floragunncom added a commit that referenced this issue Feb 7, 2018

Merge branch '6.1.0' into es-6.1.2
* 6.1.0:
  Implement custom attributes for internal authentication backend
  adjust kibana_user role, removed ro flag for some roles
  Print out installed Search Guard version
  Fix null keys
  ask for passwords, check cluster sanity
  fix #429
  Issue a warning when admin certificate is also a node certificate
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  fix possible NPE

floragunncom added a commit that referenced this issue Feb 7, 2018

Merge branch '6.1.0' into es-6.1.0
* 6.1.0:
  Implement custom attributes for internal authentication backend
  adjust kibana_user role, removed ro flag for some roles
  Print out installed Search Guard version
  Fix null keys
  ask for passwords, check cluster sanity
  fix #429
  Issue a warning when admin certificate is also a node certificate
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  fix possible NPE

floragunncom added a commit that referenced this issue Feb 7, 2018

Merge branch '6.1.0' into es-6.1.1
* 6.1.0:
  Implement custom attributes for internal authentication backend
  adjust kibana_user role, removed ro flag for some roles
  Print out installed Search Guard version
  Fix null keys
  ask for passwords, check cluster sanity
  fix #429
  Issue a warning when admin certificate is also a node certificate
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  fix possible NPE
@floragunncom

Owner

commented Feb 7, 2018

Fixed for SG 5.6.7-19 and 6.1.x-21.0 released today

floragunncom added a commit that referenced this issue Feb 13, 2018

Merge branch 'master' into es-6.x-api
* master:
  Bump to 6.2.1
  add smoketest to cci
  Update third party info
  Bump to ES 6.2.0
  remove circle ci 1.0 file
  adjust kibana_user role, removed ro flag for some roles
  update to 6.1.3
  Print out installed Search Guard version
  Fix null keys
  ask for passwords, check cluster sanity
  Implement custom attributes for internal authentication backend
  fix #429
  Issue a warning when admin certificate is also a node certificate
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  fix unittests, fix enterprise modules naming
  [TEST] fix truststore location to be in the same directory like the keystore

# Conflicts:
#	plugin-descriptor.properties
#	pom.xml

floragunncom added a commit that referenced this issue Jun 8, 2018

Fix "Password dependent timing side channel in AuthCredentials" #439
…by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.

floragunncom added a commit that referenced this issue Jun 15, 2018

Merge branch '5.6.0' into es-5.6.5
* 5.6.0:
  update guava dependency to version 25.1
  Merge pull request #503 from floragunncom/feature/sgadmin_explicit_replicas
  Turn off query node cache for fls requests
  Add searchguard.dynamic.multi_rolespan_enabled to support evaluation permissions across different sg roles
  update demo certificates
  exclude deps to avoid jar hell
  Print out installed Search Guard version
  Fix null keys
  fix #429
  ask for passwords, check cluster sanity
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  Fix scroll check for internal requests

floragunncom added a commit that referenced this issue Jun 15, 2018

Merge branch '5.6.0' into es-5.6.0
* 5.6.0:
  update guava dependency to version 25.1
  Merge pull request #503 from floragunncom/feature/sgadmin_explicit_replicas
  Turn off query node cache for fls requests
  Add searchguard.dynamic.multi_rolespan_enabled to support evaluation permissions across different sg roles
  update demo certificates
  exclude deps to avoid jar hell
  Print out installed Search Guard version
  Fix null keys
  fix #429
  ask for passwords, check cluster sanity
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  Fix scroll check for internal requests

# Conflicts:
#	src/main/java/com/floragunn/searchguard/user/AuthCredentials.java

floragunncom added a commit that referenced this issue Jun 15, 2018

Merge branch '5.6.0' into es-5.6.4
* 5.6.0:
  update guava dependency to version 25.1
  Merge pull request #503 from floragunncom/feature/sgadmin_explicit_replicas
  Turn off query node cache for fls requests
  Add searchguard.dynamic.multi_rolespan_enabled to support evaluation permissions across different sg roles
  update demo certificates
  exclude deps to avoid jar hell
  Print out installed Search Guard version
  Fix null keys
  fix #429
  ask for passwords, check cluster sanity
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  Fix scroll check for internal requests

floragunncom added a commit that referenced this issue Jun 15, 2018

Merge branch '5.6.0' into es-5.6.6
* 5.6.0:
  update guava dependency to version 25.1
  Merge pull request #503 from floragunncom/feature/sgadmin_explicit_replicas
  Turn off query node cache for fls requests
  Add searchguard.dynamic.multi_rolespan_enabled to support evaluation permissions across different sg roles
  update demo certificates
  exclude deps to avoid jar hell
  Print out installed Search Guard version
  Fix null keys
  fix #429
  ask for passwords, check cluster sanity
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.

floragunncom added a commit that referenced this issue Jun 15, 2018

Merge branch '5.6.0' into es-5.6.2
* 5.6.0:
  update guava dependency to version 25.1
  Merge pull request #503 from floragunncom/feature/sgadmin_explicit_replicas
  Turn off query node cache for fls requests
  Add searchguard.dynamic.multi_rolespan_enabled to support evaluation permissions across different sg roles
  update demo certificates
  exclude deps to avoid jar hell
  Print out installed Search Guard version
  Fix null keys
  fix #429
  ask for passwords, check cluster sanity
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  Fix scroll check for internal requests

floragunncom added a commit that referenced this issue Jun 15, 2018

Merge branch '5.6.0' into es-5.6.3
* 5.6.0:
  update guava dependency to version 25.1
  Merge pull request #503 from floragunncom/feature/sgadmin_explicit_replicas
  Turn off query node cache for fls requests
  Add searchguard.dynamic.multi_rolespan_enabled to support evaluation permissions across different sg roles
  update demo certificates
  exclude deps to avoid jar hell
  Print out installed Search Guard version
  Fix null keys
  fix #429
  ask for passwords, check cluster sanity
  handle null hashes correctly
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.
  Fix scroll check for internal requests

floragunncom added a commit that referenced this issue Jul 29, 2018

Merge branch 'master' into compliance_newpe
* master:
  Fix "Password dependent timing side channel in AuthCredentials" #439 by replacing Arrays.equals() with MessageDigest.isEqual() which is time constant.