2019 Q1 Recurity Assessment: Information Exposure Through Timing Discrepancy
https://gitlab.com/gitlab-com/gl-security/engineering/issues/329
Details
During the OAuth authentication process, the application validates a parameter in an insecure way, potentially exposing data. As can be seen in the following code from ee/lib/gitlab/geo/oauth/login_state.rb, the non-constant-time comparison operator == is used to verify the validity of the provided HMAC.
    def valid?
      return false unless salt.present? && hmac.present?
      hmac == generate_hmac # non-constant-time comparison of the caller-supplied HMAC
    end
Because of the way this operator works, the comparison "xecret" == "secret" resolves significantly faster than "secrex" == "secret": String#== returns as soon as it finds the first differing byte.
Since the HMAC covers the parameter redirect_to, this issue could be used to guess the correct hash for an arbitrary URL of the attacker's choice, forwarding the user to an attacker-controlled URL.
However, it should be noted that the amount of effort required to exploit this issue is disproportionately high compared to its impact.
Reproduction Steps
Observe the code at ee/lib/gitlab/geo/oauth/login_state.rb.
Recommendation
Recurity Labs recommends choosing a constant-time comparison, such as secure_compare from the Rails ActiveSupport module.
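The following is an added example and not GitLab's code: a login state that binds a salt and a redirect_to URL under an HMAC, keeping the vulnerable == check beside a constant-time check. The secret key and sample values are constructed, and the constant-time compare is written out inline (digest both inputs to a fixed length, then fold every byte difference into one accumulator), which is the same approach ActiveSupport::SecurityUtils.secure_compare takes, so the snippet runs without Rails.

```ruby
# Added example, not GitLab's code: a Geo OAuth login state that binds a salt
# and a redirect_to URL under an HMAC, with the vulnerable '==' check kept
# beside a constant-time one. The key and sample values are constructed.
require 'openssl'

SECRET_KEY = 'constructed-demo-secret'.freeze # assumption: stands in for the app secret

class LoginState
  attr_reader :salt, :hmac, :redirect_to

  def initialize(salt:, redirect_to:, hmac: nil)
    @salt = salt
    @redirect_to = redirect_to
    @hmac = hmac
  end

  def generate_hmac
    OpenSSL::HMAC.hexdigest('SHA256', SECRET_KEY, "#{salt}:#{redirect_to}")
  end

  # Vulnerable form from the finding: String#== returns at the first differing
  # byte, so the time taken reveals how many leading bytes of hmac are right.
  def valid_unsafe?
    return false unless present?(salt) && present?(hmac)
    hmac == generate_hmac
  end

  # Hardened form: every byte is examined and every difference is folded into
  # one accumulator, so runtime no longer depends on where the strings differ.
  def valid?
    return false unless present?(salt) && present?(hmac)
    secure_compare(hmac, generate_hmac)
  end

  private

  def present?(value)
    !value.nil? && !value.to_s.strip.empty?
  end

  # Same approach as ActiveSupport::SecurityUtils.secure_compare: digest both
  # inputs to a fixed 32 bytes first so the caller-supplied length leaks nothing.
  def secure_compare(a, b)
    da = OpenSSL::Digest::SHA256.digest(a)
    db = OpenSSL::Digest::SHA256.digest(b)
    diff = 0
    da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```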