This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Versions of Synapse up to and including v0.34.0 used an insecure fallback when macaroon_secret_key is not specified in the configuration file.
Impact
An attacker may be able to forge login tokens, allowing them to log in as any user, on a server where macaroon_secret_key is not set in the configuration.
Details
Macaroons are authentication tokens which must be signed by the server which generates them, to prevent them being forged by attackers. Synapse uses the macaroon_secret_key setting as the key for such signatures.
If macaroon_secret_key is not set in the configuration file, Synapse will attempt to derive a secret key from other secrets specified in the configuration file. However, in all versions of Synapse up to and including v0.34.0, this process was faulty and a predictable value was used instead.
Synapse uses macaroons for login tokens. Login tokens are used in a number of authentication flows: during such a flow Synapse generates a short-term token which can be exchanged for an access token at a later stage. An attacker could forge a login token for any active user account, which would then give them access to that account.
Synapse also uses macaroons for three other types of identifier. However, the impact of the vulnerability is limited in each of these cases:
Access tokens for regular users. Such access tokens are also validated at the database level, and the macaroon check is therefore redundant.
Access tokens for guest users (read-only accounts). If guest access is enabled on a server, an attacker could create their own guest account, so the ability to masquerade as another guest user is of little concern.
Email unsubscribe links. These use special access tokens that only let you unsubscribe from email notifications. In theory an attacker could therefore forge an unsubscribe request from a user if the attacker knows the user id and email address of the target user.
Vulnerable versions
All versions of Synapse between v0.13.0 and v0.34.0 are affected, if they do not include a setting for macaroon_secret_key in their configuration file.
Configuration files generated with python -m synapse.app.homeserver --generate-config using any version of Synapse since v0.11.0 will include a securely-generated value for macaroon_secret_key and are therefore not affected. Likewise, the configuration file generated by the Docker images on hub.docker.com/r/matrixdotorg will also contain this setting.
However, the configuration file used in the Debian/Ubuntu packages for Synapse does NOT include a setting for macaroon_secret_key. Any server using these packages will therefore be vulnerable.
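The following is an added example, not Synapse's own code, covering the two points above: why the macaroon signature depends on macaroon_secret_key (the standard HMAC-SHA256 chain construction, with constructed caveat values), and a minimal audit check for whether a homeserver.yaml actually sets the key. The helper names and the sample config snippets are assumptions.

```python
"""Added example (not Synapse code): why macaroon_secret_key matters.

A macaroon's signature is an HMAC chain: sig = HMAC(key, identifier), then
sig = HMAC(sig, caveat) for each caveat. Verification recomputes the chain
with the server's secret, so a token minted under any other key, or with an
altered caveat, is rejected. Helper names and sample values are constructed.
"""
import hashlib
import hmac
import re
import secrets


def _chain(key, identifier, caveats):
    # Standard macaroon signature chain (HMAC-SHA256 at every step).
    sig = hmac.new(key, identifier.encode(), hashlib.sha256).digest()
    for caveat in caveats:
        sig = hmac.new(sig, caveat.encode(), hashlib.sha256).digest()
    return sig


def mint_login_token(key, user_id):
    # Constructed caveats modelled on a short-term login macaroon: type, user, expiry.
    caveats = ["type = login", "user_id = %s" % user_id, "time < 1547136000000"]
    identifier = "key"
    return identifier, caveats, _chain(key, identifier, caveats)


def verify(key, identifier, caveats, sig):
    # Constant-time comparison of the recomputed chain against the presented signature.
    return hmac.compare_digest(_chain(key, identifier, caveats), sig)


# Matches an uncommented, top-level macaroon_secret_key with a non-empty value.
_KEY_RE = re.compile(r'^macaroon_secret_key:[ \t]*["\']?([^"\'\s#]+)', re.MULTILINE)


def config_has_secret_key(config_text):
    # Audit check: a Debian/Ubuntu-style config that omits the key returns False.
    return _KEY_RE.search(config_text) is not None


def generate_secret_key():
    # A securely generated value suitable for macaroon_secret_key (64 URL-safe chars).
    return secrets.token_urlsafe(48)
```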
Fixed versions
v0.34.1 closed the vulnerability by fixing the fallback logic so that a secure key was used if no macaroon_secret_key was set (as an accidental side-effect of #4315). However, the fix meant that any macaroon generated before the upgrade was invalid after the upgrade, so all access tokens became invalid, which meant that users were logged out of their Matrix clients (#4371).
v0.34.1.1 removed the macaroon signature check on regular access tokens (#4374), where it is redundant since the access token must also be in the database. This meant that the security vulnerability was closed, but users were able to continue their client sessions without being logged out.
v0.34.0.1 patched v0.34.0 with a fix to the fallback logic, and included a backport of #4374.
Timeline
2019-01-09 1500 UTC: Synapse v0.34.1 released
2019-01-09 1635 UTC: Reports received of spontaneous logout
2019-01-09 1800 UTC: Users advised not to upgrade; release is removed from public servers.
Further investigation shows that the logout issue is caused by the change to macaroon_secret_key, which brings our attention to the vulnerability in previous versions. Work begins on preparing patched releases.
2019-01-10 1500 UTC: v0.34.0.1 and v0.34.1.1 released, along with advisories instructing users to upgrade immediately.
This issue records a historical security issue which was fixed (accidentally) by matrix-org/synapse#4315 in 0.34.1, and matrix-org/synapse#4373 in 0.34.0.1.