Closed Bug 1870579 (CVE-2024-4772) Opened 1 year ago Closed 9 months ago

Use of insecure rand() function to generate cnonce value in HTTP digest auth

Categories

(Core :: Networking: HTTP, defect, P2)

Tracking

RESOLVED FIXED
126 Branch
Tracking Status
firefox-esr115 --- wontfix
firefox124 --- wontfix
firefox125 --- wontfix
firefox126 + fixed

People

(Reporter: hanno, Assigned: kershaw)

Details

(Keywords: csectype-disclosure, reporter-external, sec-low, Whiteboard: [necko-triaged] [adv-main126+])

Attachments

(2 files)

The code for HTTP Digest authentication uses the rand() function to generate a random nonce value (the "cnonce").

This code in nsHttpDigestAuth.cpp:

  nsAutoCString cnonce;
  static const char hexChar[] = "0123456789abcdef";
  for (int i = 0; i < 16; ++i) {
    cnonce.Append(hexChar[(int)(15.0 * rand() / (RAND_MAX + 1.0))]);
  }

Here: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpDigestAuth.cpp#326

This should probably use some secure random function. (Like RNG_GenerateGlobalRandomBytes from NSS.)

I am marking this as a security bug, but I should say that I am unsure what the exact security impact is. I am not familiar with the inner workings of the HTTP Digest authentication protocol and what a predictable cnonce would cause. However, this can probably be used to leak information about the state of the rand() RNG to an attacker. This could be bad if rand() is also used in other problematic places.

Looks like the "binary data to hex characters" bit is also broken and should use a common utility function instead.
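An added example (not Firefox code and not the landed patch) illustrating the two points raised above. The quoted index expression scales by 15.0 and so can never select `'f'`, and a `rand()`-based cnonce is fully determined by the generator state. The function names are hypothetical, and reading `/dev/urandom` stands in for the NSS random source as an assumption about the platform.

```cpp
// Added example: not Firefox code. All function names are hypothetical.
#include <cstdio>
#include <cstdlib>
#include <string>

static const char kHex[] = "0123456789abcdef";

// Index expression from the report, with rand() replaced by a parameter so
// the whole input range [0, RAND_MAX] can be examined.
int legacy_index(int r) { return (int)(15.0 * r / (RAND_MAX + 1.0)); }

// Legacy generator: output depends only on the process-wide rand() state.
std::string legacy_cnonce() {
  std::string s;
  for (int i = 0; i < 16; ++i) s.push_back(kHex[legacy_index(rand())]);
  return s;
}

// Correct binary-to-hex conversion: two digits per byte, all 16 symbols used.
std::string hex_encode(const unsigned char* p, size_t n) {
  std::string s;
  for (size_t i = 0; i < n; ++i) {
    s.push_back(kHex[p[i] >> 4]);
    s.push_back(kHex[p[i] & 0x0f]);
  }
  return s;
}

// 16 hex digits from the OS CSPRNG. Reading /dev/urandom is an assumption
// about the platform. Returns "" on failure so no weak value is ever used.
std::string secure_cnonce() {
  unsigned char buf[8];
  FILE* f = fopen("/dev/urandom", "rb");
  if (!f) return "";
  size_t n = fread(buf, 1, sizeof buf, f);
  fclose(f);
  return n == sizeof buf ? hex_encode(buf, n) : "";
}

int main() {
  printf("largest legacy index: %d\n", legacy_index(RAND_MAX));
  srand(1); std::string a = legacy_cnonce();
  srand(1); std::string b = legacy_cnonce();
  printf("same seed: %s %s\n", a.c_str(), b.c_str());
  printf("secure:    %s\n", secure_cnonce().c_str());
  return 0;
}
```

With only 15 symbols per position, the legacy value carries at most 16 × log2(15) ≈ 62.5 bits even if `rand()` were unpredictable, which it is not.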

See Also: → 1339479
Group: core-security → network-core-security
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged] [necko-priority-new]
Whiteboard: [necko-triaged] [necko-priority-new] → [necko-triaged] [necko-priority-next]
Flags: sec-bounty?
Whiteboard: [necko-triaged] [necko-priority-next] → [necko-triaged][necko-priority-queue]
Assignee: nobody → kershaw
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4c58e1b47bd6
Use PK11_GenerateRandom to generate random number, r=necko-reviewers,valentin
Whiteboard: [necko-triaged][necko-priority-queue] → [necko-triaged]
Group: network-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → 126 Branch

The patch landed in nightly and beta is affected.
:kershaw, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox125 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(kershaw)
Flags: needinfo?(kershaw)

Unfortunately, this does not meet the severity level for our bug bounty program.

Flags: sec-bounty? → sec-bounty-
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
Regressions: 1892449
Whiteboard: [necko-triaged] → [necko-triaged] [adv-main126+]
Alias: CVE-2024-4772
Flags: sec-bounty-hof+
Group: core-security-release