Security Isssue

Question

Security Isssue

J-GainSec opened this issue 2 years ago · comments

J-GainSec commented 2 years ago

Hey, can you just email me at security@gainsecmail.com and I'll give you the details.

Thanks

Isaac Noda · Answer 1 · Tue Aug 02 2022 02:47:49 GMT+0800 (China Standard Time)

Can you just share the details here?

J-GainSec · Answer 2 · Tue Aug 02 2022 02:53:21 GMT+0800 (China Standard Time)

Sure. The issues aren't big.

Issue 1: Weak Password Requirements

The OnTrack application allows extremely weak passwords such as "toor". Below is the exact output demonstrating that the application created a user with a weak password that is also the same as the username.

Loading production environment (Rails 6.1.6)
irb(main):001:0> User.create!(username: "toor", password: "toor")
D, [2022-06-29T22:55:35.436698 #4] DEBUG -- : TRANSACTION (3.3ms) BEGIN
D, [2022-06-29T22:55:35.442076 #4] DEBUG -- : User Create (5.0ms) INSERT INTO "users" ("username", "password", "created_at", "updated_at") VALUES ($1, $2, $3, $4) RETURNING "id" [["username", "$2a$12$DpOrLFhATVwY2.4W7rdXLu.pJyESqE2hb6NpbJLTj9tk4TImvMxWq"], ["password", "$2a$12$Z4zejwEb2wcvJpjw/V9M3.iKsJAyuYdJZoE439AwRYW1UxI1oM3O."], ["created_at", "2022-06-29 22:55:35.432511"], ["updated_at", "2022-06-29 22:55:35.432511"]]
D, [2022-06-29T22:55:35.450126 #4] DEBUG -- : TRANSACTION (7.7ms) COMMIT
=> #<User id: 1, username: "$2a$12$DpOrLFhATVwY2.4W7rdXLu.pJyESqE2hb6NpbJLTj9t...", password: [FILTERED], created_at: "2022-06-29 22:55:35.432511000 +0000", updated_at: "2022-06-29 22:55:35.432511000 +0000", monthly_goal: 0>
irb(main):002:0>

Reference: https://cwe.mitre.org/data/definitions/521.html

Issue 2: Use of Password Hash With Insufficient Computational Effort

The username/passwords of the OnTrack application is utilizing Bcrypt (default configuration). Below is in the input/output of running hashcat against the hashed username/passwords.

hashcat -m 3200 -a 0 hashlist wordlist --force

hashcat (v6.2.5-508-g0b27d1f9e) starting

You have enabled --force to bypass dangerous warnings and errors!
This can hide serious problems and should only be done when debugging.
Do not report hashcat issues encountered when using --force.

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 72

Hashes: 2 digests; 2 unique digests, 2 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:

Zero-Byte

Watchdog: Temperature abort trigger set to 100c

Host memory required for this attack: 0 MB

Dictionary cache built:

Filename..: wordlist
Passwords.: 1
Bytes.....: 5
Keyspace..: 1
Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

$2a$12$DpOrLFhATVwY2.4W7rdXLu.pJyESqE2hb6NpbJLTj9tk4TImvMxWq:toor
$2a$12$Z4zejwEb2wcvJpjw/V9M3.iKsJAyuYdJZoE439AwRYW1UxI1oM3O.:toor

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 3200 (bcrypt $2*$, Blowfish (Unix))
Hash.Target......: hashlist
Time.Started.....: Thu Jun 30 01:04:45 2022, (1 sec)
Time.Estimated...: Thu Jun 30 01:04:46 2022, (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 4 H/s (0.98ms) @ Accel:8 Loops:16 Thr:1 Vec:1
Recovered.Total..: 2/2 (100.00%) Digests, 2/2 (100.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 0/2 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#2...: Salt:1 Amplifier:0-1 Iteration:4080-4096
Candidate.Engine.: Device Generator
Candidates.#2....: toor -> toor
Hardware.Mon.SMC.: Fan0: 19%, Fan1: 19%
Hardware.Mon.#2..: Temp: 52c

Started: Thu Jun 30 01:04:39 2022

Reference: https://cwe.mitre.org/data/definitions/916.html

Again nothing serious at all. Just wanted to bring to your attention and publish/post about the issues. Do I have permission to do that? Would you like me to wait a week or two so you can implement a fix if you see fit?

Isaac Noda · Answer 3 · Sun Aug 07 2022 03:26:56 GMT+0800 (China Standard Time)

Isn't issue 2 just a result of issue 1? Or is there some bcrypt configuration I should be taking advantage of?

J-GainSec · Answer 4 · Sun Aug 07 2022 04:52:44 GMT+0800 (China Standard Time)

Think you can increase the "cost" to mitigate the ease of cracking :

https://www.rubydoc.info/github/codahale/bcrypt-ruby/BCrypt/Password

Class Method Details

Hashes a secret, returning a BCrypt::Password instance. Takes an optional :cost option, which is a logarithmic variable which determines how computational expensive the hash is to calculate (a :cost of 4 is twice as much work as a :cost of 3). The higher the :cost the harder it becomes for attackers to try to guess passwords (even if a copy of your database is stolen), but the slower it is to check users' passwords.

Increasing the password complexity requirements is also ideal ofc.