Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Dave1 on December 18, 2020, 08:12:02 AM



Title: [Bouncy Castle]: vulnerability (CVE-2020-28052)
Post by: Dave1 on December 18, 2020, 08:12:02 AM
Bouncy Castle, a popular open source cryptography library, has been found to have an authentication bypass vulnerability, tracked as CVE-2020-28052, which can be found in their OpenBSDBcrypt class. It is because their Bcrypt.doCheckPassword() function has an error in logic, and attackers can bypass password checks.

Code:
boolean isEqual = sLength == newBcryptString.length();
for (int i = 0; i != sLength; i++)
{
    isEqual &= (bcryptString.indexOf(i) == newBcryptString.indexOf(i));
}
return isEqual;

Quote
The doCheckPassword method implements a flawed verification routine. The code checks for an index of characters from 0 to 59 inclusive, rather than checking that characters at positions from 0 to 59 match. This means that passwords that result in hashes that, for instance, don’t contain bytes between 0x00 and 0x3B match every other password hash that don’t contain them. Passing this check means an attacker doesn’t need a byte-for-byte match with the stored hash value.

Timeline:
  • October 20, 2020: Vulnerability disclosed to Bouncy Castle
  • October 22, 2020: Synopsys confirms no products use version vulnerable to this issue
  • October 27, 2020: Synopsys discloses vulnerability to Bouncy Castle
  • October 28, 2020: Bouncy Castle confirms vulnerability
  • November 2, 2020: Synopsys validates Bouncy Castle fixed vulnerability
  • December 17, 2020: Advisory published

For a more detailed explanation you can read it here: (https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/)
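
The following is an added example, not part of the original post and not Bouncy Castle source: it runs the quoted `indexOf` loop beside a position-by-position comparison on constructed 60-character strings. The first pair differs in 53 positions, yet the quoted loop accepts it, because none of the differing characters has a code between 0 and 59. The class, method and sample names are hypothetical.

```java
// Added illustration, not Bouncy Castle code. All names and sample strings are constructed.
public class IndexOfCompareDemo {

    // The loop quoted in the post. String.indexOf(int) takes a character code,
    // so each pass asks "where does the character with code i first occur?"
    // for i = 0..59. It never looks at the character stored at position i.
    static boolean flawedEquals(String stored, String computed) {
        int sLength = stored.length();
        boolean isEqual = sLength == computed.length();
        for (int i = 0; i != sLength; i++) {
            isEqual &= (stored.indexOf(i) == computed.indexOf(i));
        }
        return isEqual;
    }

    // Position-by-position comparison, which is what the quoted advisory says
    // the check should have done. Differences are accumulated with OR so the
    // loop does not exit at the first mismatch.
    static boolean positionalEquals(String stored, String computed) {
        if (stored.length() != computed.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < stored.length(); i++) {
            diff |= stored.charAt(i) ^ computed.charAt(i);
        }
        return diff == 0;
    }

    // Constructed sample: a bcrypt-style prefix padded to 60 characters.
    static String sample(String prefix, char fill) {
        StringBuilder sb = new StringBuilder(prefix);
        while (sb.length() < 60) {
            sb.append(fill);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String a = sample("$2y$10$", 'A');   // filler 'A' has code 65, outside 0..59
        String b = sample("$2y$10$", 'B');   // same prefix, different filler
        String c = sample("$2y$10$7", 'A');  // '7' has code 55, inside 0..59
        System.out.println("a vs b flawed:     " + flawedEquals(a, b));
        System.out.println("a vs b positional: " + positionalEquals(a, b));
        System.out.println("a vs c flawed:     " + flawedEquals(a, c));
        System.out.println("a vs c positional: " + positionalEquals(a, c));
    }
}
```

The third string shows the only kind of difference the quoted loop notices: a character with a code in the 0 to 59 range ('$', '.', '/' and the digits among them) whose first occurrence sits at a different index.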



Title: Re: [Bouncy Castle]: vulnerability (CVE-2020-28052)
Post by: NotATether on December 18, 2020, 09:37:41 AM
This must have been a programming error from a junior JS developer or someone who was in a rush. A more experienced dev taking their time wouldn't mix up array access using [] with indexOf().

Cryptography projects that require all developers to have several months of language experience and code to be peer-reviewed usually don't contain these trivial vulnerabilities.


Title: Re: [Bouncy Castle]: vulnerability (CVE-2020-28052)
Post by: pooya87 on December 18, 2020, 01:56:54 PM
Wikipedia page (https://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography)) mentions this library is for Java and C#, so I wonder how many Bitcoin wallets/libraries are written in Java or C#?
Wasabi is written in C# and its dependency NBitcoin used to depend on BouncyCastle, don't know how much of it is changed now.
BitcoinJ (written in Java) and by extension any wallet/tool created on top of it (which are a lot) depend on BouncyCastle for a lot of their cryptography.
Mycelium (written in Java) has a dependency on BouncyCastle.

Whether this vulnerability affects any of these wallets, I do not know.


Title: Re: [Bouncy Castle]: vulnerability (CVE-2020-28052)
Post by: Dave1 on December 18, 2020, 11:52:26 PM
And based on the search I did, Bouncy Castle was well known, seen threads as old as 2011.

[1]Bouncy Castle help for a N00b :) (https://bitcointalk.org/index.php?topic=3813.0)
[2][SOLVED] Java/BouncyCastle - How to create public key with x and y coordinates? (https://bitcointalk.org/index.php?topic=2899.0)

So I will just assume Bouncy Castle is popular amongst the cryptographic community.


Title: Re: [Bouncy Castle]: vulnerability (CVE-2020-28052)
Post by: odolvlobo on December 21, 2020, 10:51:59 AM
It appears that it only affected certain versions of the Java implementation.