All posts by rocco

CWE-334 – Small Space of Random Values


Description

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-330

 

Consequences

Access Control, Other: Bypass Protection Mechanism, Other

An attacker could easily guess the values used. This could lead to unauthorized access to a system if the seed is used for authentication and authorization.

 

Potential Mitigations

Phase: Architecture and Design, Requirements

Description: 

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (“Approved Random Number Generators”).

CVE References

  • CVE-2002-0583
    • Product uses 5 alphanumeric characters for filenames of expense claim reports, stored under web root.
  • CVE-2002-0903
    • Product uses small number of random numbers for a code to approve an action, and also uses predictable new user IDs, allowing attackers to hijack new accounts.
  • CVE-2003-1230
    • SYN cookies implementation only uses 32-bit keys, making it easier to brute force ISN.
  • CVE-2004-0230
    • Complex predictability / randomness (reduced space).

CWE-335 – Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)


Description

The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-330

 

Consequences

Access Control, Other: Bypass Protection Mechanism, Other

If a PRNG is used incorrectly, such as using the same seed for each initialization or using a predictable seed, then an attacker may be able to easily guess the seed and thus the random numbers. This could lead to unauthorized access to a system if the seed is used for authentication and authorization.

 

Potential Mitigations

CVE References

  • CVE-2019-11495
    • server uses erlang:now() to seed the PRNG, which results in a small search space for potential random seeds
  • CVE-2018-12520
    • Product’s PRNG is not seeded for the generation of session IDs
  • CVE-2016-10180
    • Router’s PIN generation is based on rand(time(0)) seeding.

CWE-336 – Same Seed in Pseudo-Random Number Generator (PRNG)


Description

A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-335

 

Consequences

Other, Access Control: Other, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices.

Phase: Architecture and Design, Requirements

Description: 

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.
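The effect of a reused or predictable seed (CWE-335, CWE-336) can be measured directly. The following is an added example, not part of the original entries: it compares the entropy a token format appears to offer with what a seeded PRNG can actually reach, next to a hardened generator built on the OS CSPRNG. The seed values, token length and function names are assumptions chosen for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def token_from_seed(seed: int, length: int = 16) -> str:
    """Weak pattern: the token is fully determined by the PRNG seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def nominal_bits(length: int = 16) -> float:
    """Entropy the token format appears to offer (length * log2(alphabet))."""
    return length * math.log2(len(ALPHABET))

def effective_bits(seed_space, length: int = 16) -> float:
    """Entropy actually available: log2 of the distinct tokens reachable."""
    reachable = {token_from_seed(s, length) for s in seed_space}
    return math.log2(len(reachable))

def strong_token(length: int = 16) -> str:
    """Hardened form: each symbol comes from the OS CSPRNG, no seed to manage."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

# Constructed seed spaces (assumptions for illustration only).
FIXED_SEED = [1234]                                # CWE-336: same seed at every start
ONE_HOUR_OF_SECONDS = range(1_700_000_000, 1_700_003_600)  # CWE-335: clock-seeded

if __name__ == "__main__":
    print(f"nominal entropy of a 16-char token : {nominal_bits():.1f} bits")
    print(f"fixed seed                         : {effective_bits(FIXED_SEED):.1f} bits")
    print(f"seed = second within a known hour  : {effective_bits(ONE_HOUR_OF_SECONDS):.1f} bits")
    print(f"two starts with the fixed seed     : {token_from_seed(1234)} / {token_from_seed(1234)}")
    print(f"CSPRNG-backed token                : {strong_token()}")
```

The token looks like it carries about 95 bits, but its real strength is bounded by the number of seeds the generator can start from.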

CVE References

CWE-299 – Improper Check for Certificate Revocation


Description

The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-295
CWE-404

 

Consequences

Access Control: Gain Privileges or Assume Identity

Trust may be assigned to an entity who is not who it claims to be.

Integrity, Other: Other

Data from an untrusted (and possibly malicious) source may be integrated.

Confidentiality: Read Application Data

Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Ensure that certificates are checked for revoked status.

Phase: Implementation

Description: 

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the revoked status.

CVE References

  • CVE-2011-2014
    • LDAP-over-SSL implementation does not check Certificate Revocation List (CRL), allowing spoofing using a revoked certificate.
  • CVE-2011-0199
    • Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.
  • CVE-2010-5185
    • Antivirus product does not check whether certificates from signed executables have been revoked.
  • CVE-2009-3046
    • Web browser does not check if any intermediate certificates are revoked.
  • CVE-2009-0161
    • chain: Ruby module for OCSP misinterprets a response, preventing detection of a revoked certificate.
  • CVE-2011-2701
    • chain: incorrect parsing of replies from OCSP responders allows bypass using a revoked certificate.
  • CVE-2011-0935
    • Router can permanently cache certain public keys, which would allow bypass if the certificate is later revoked.
  • CVE-2009-1358
    • chain: OS package manager does not properly check the return value, allowing bypass using a revoked certificate.
  • CVE-2009-0642
    • chain: language interpreter does not properly check the return value from an OCSP function, allowing bypass using a revoked certificate.
  • CVE-2008-4679
    • chain: web service component does not call the expected method, which prevents a check for revoked certificates.
  • CVE-2006-4410
    • Certificate revocation list not searched for certain certificates.
  • CVE-2006-4409
    • Product cannot access certificate revocation list when an HTTP proxy is being used.

CWE-30 – Path Traversal: ‘\dir\..\filename’


Description

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘\dir\..\filename’ (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-23

 

Consequences

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

 

Potential Mitigations

Phase: Implementation

Description: 

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

CVE References

  • CVE-2002-1987
    • Protection mechanism checks for “/..” but doesn’t account for Windows-specific “\..” allowing read of arbitrary files.
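The mitigation above (decode once, canonicalize, then validate) can be contrasted with a substring check of the kind described for CVE-2002-1987. The following is an added example, not code from the original entry or from any affected product: it uses Python's `ntpath` module so that Windows path rules apply on any platform. The base directory and function names are hypothetical.

```python
import ntpath
from urllib.parse import unquote

BASE = r"C:\app\uploads"  # hypothetical restricted directory

def naive_is_safe(user_path: str) -> bool:
    """Flawed check: looks for '/..' only and misses the backslash form."""
    return "/.." not in user_path

def resolve_in_base(user_path: str, base: str = BASE) -> str:
    """Decode once, canonicalize with Windows rules, then check containment."""
    decoded = unquote(user_path)            # single decode step (see CWE-174)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # normpath collapses '..' and turns '/' into '\'; join also handles
    # rooted or drive-qualified input, which replaces the base entirely.
    candidate = ntpath.normpath(ntpath.join(base, decoded))
    base_n = ntpath.normcase(ntpath.normpath(base))
    cand_n = ntpath.normcase(candidate)
    # commonpath raises ValueError itself when the drives differ.
    if ntpath.commonpath([base_n, cand_n]) != base_n:
        raise ValueError("path escapes restricted directory")
    return candidate

def is_allowed(user_path: str) -> bool:
    """Boolean wrapper around resolve_in_base for use in request handlers."""
    try:
        resolve_in_base(user_path)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed inputs covering both separators and an encoded separator.
    for p in (r"reports\q1.pdf", r"dir\..\q1.pdf", r"\dir\..\..\secret.txt",
              "dir/../../secret.txt", "%5c..%5csecret.txt", r"D:\secret.txt"):
        print(f"{p!r:28} naive={naive_is_safe(p)!s:5} canonical={is_allowed(p)}")
```

Validation runs on the canonical form, so a path such as `dir\..\q1.pdf` that stays inside the base is accepted, while every form that resolves outside it is rejected regardless of separator or encoding.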

CWE-300 – Channel Accessible by Non-Endpoint


Description

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-923

 

Consequences

Confidentiality, Integrity, Access Control: Read Application Data, Modify Application Data, Gain Privileges or Assume Identity

An attacker could pose as one of the entities and read or possibly modify the communication.

 

Potential Mitigations

Phase: Implementation

Description: 

Always fully authenticate both ends of any communications channel.

Phase: Architecture and Design

Description: 

Adhere to the principle of complete mediation.

Phase: Implementation

Description: 

A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer’s private key. The certificate can be validated by deciphering the certificate with the issuer’s public key. See also X.509 certificate signature chains and the PGP certification structure.

CVE References

  • CVE-2014-1266
    • chain: incorrect “goto” in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple “goto fail” bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).

CWE-301 – Reflection Attack in an Authentication Protocol


Description

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-287
CWE-327

 

Consequences

Access Control: Gain Privileges or Assume Identity

The primary result of reflection attacks is successful authentication with a target machine — as an impersonated user.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use different keys for the initiator and responder, or use a different type of challenge for the initiator and responder.

Phase: Architecture and Design

Description: 

Let the initiator prove its identity before proceeding.

CVE References

  • CVE-2005-3435
    • product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.
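Why the first mitigation works can be shown with a small model of a shared-key challenge-response. The following is an added example, not part of the original entry: in the symmetric variant the responder's answer to a challenge is also a valid initiator answer, so a challenge handed back to the responder yields an acceptable response; binding the role into the MAC removes that property. The key, role labels and function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key-for-demo"  # sample value, not a real secret

def symmetric_response(key: bytes, challenge: bytes) -> bytes:
    """Weak design: both roles compute the same function of the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def role_bound_response(key: bytes, role: bytes, challenge: bytes) -> bytes:
    """Hardened design: the MAC covers the role of the party answering."""
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()

def reflected_answer_accepted(answer_as_responder, expected_from_initiator) -> bool:
    """Model of the protocol property behind CWE-301.

    The responder issues a challenge. A peer that does not hold the key
    returns that same challenge in a second session and forwards whatever
    the responder computes for it. Returns True if the forwarded value
    would be accepted as the initiator's proof.
    """
    challenge = secrets.token_bytes(16)
    reflected = answer_as_responder(challenge)
    return hmac.compare_digest(reflected, expected_from_initiator(challenge))

def weak_protocol_is_reflectable() -> bool:
    same = lambda c: symmetric_response(KEY, c)
    return reflected_answer_accepted(same, same)

def hardened_protocol_is_reflectable() -> bool:
    as_responder = lambda c: role_bound_response(KEY, b"responder", c)
    from_initiator = lambda c: role_bound_response(KEY, b"initiator", c)
    return reflected_answer_accepted(as_responder, from_initiator)

if __name__ == "__main__":
    print("symmetric protocol accepts reflected answer :", weak_protocol_is_reflectable())
    print("role-bound protocol accepts reflected answer:", hardened_protocol_is_reflectable())
```

Using two separate keys, one per direction, gives the same separation as the role label used here.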

CWE-302 – Authentication Bypass by Assumed-Immutable Data


Description

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-287
CWE-807

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

Phase: Architecture and Design, Operation, Implementation

Description: 

Implement proper protection for immutable data (e.g. environment variables, hidden form fields, etc.).

CVE References

  • CVE-2002-1730
    • Authentication bypass by setting certain cookies to “true”.
  • CVE-2002-1734
    • Authentication bypass by setting certain cookies to “true”.
  • CVE-2004-1611
    • Product trusts authentication information in cookie.
  • CVE-2005-1708
    • Authentication bypass by setting admin-testing variable to true.
  • CVE-2005-1787
    • Bypass auth and gain privileges by setting a variable.

CWE-303 – Incorrect Implementation of Authentication Algorithm


Description

The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

This incorrect implementation may allow authentication to be bypassed.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-287

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

CVE References

  • CVE-2003-0750
    • Conditional should have been an ‘or’ not an ‘and’.

CWE-304 – Missing Critical Step in Authentication


Description

The software implements an authentication technique, but it skips a step, which weakens the technique.

Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-287
CWE-573

 

Consequences

Access Control, Integrity, Confidentiality: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands

This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.

 

Potential Mitigations

CVE References

  • CVE-2004-2163
    • Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.