Re: [OAUTH-WG] State Leakage Attack
André DeMarre <andredemarre@gmail.com> Sat, 23 April 2016 13:55 UTC
Return-Path: <andredemarre@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76F0D12D5DB for <oauth@ietfa.amsl.com>; Sat, 23 Apr 2016 06:55:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UMip7VskHe1E for <oauth@ietfa.amsl.com>; Sat, 23 Apr 2016 06:55:43 -0700 (PDT)
Received: from mail-ig0-x243.google.com (mail-ig0-x243.google.com [IPv6:2607:f8b0:4001:c05::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADC0812D0E2 for <oauth@ietf.org>; Sat, 23 Apr 2016 06:55:43 -0700 (PDT)
Received: by mail-ig0-x243.google.com with SMTP id fn8so5630050igb.2 for <oauth@ietf.org>; Sat, 23 Apr 2016 06:55:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=Jv755KMyOZwrvTeksfmUV6p+gnvFh44dImEBT9jak+Y=; b=QgOU3IPtDrSmER0pxKg7hegt7XYEm6FPI8NFG+I7NRb5vpw7qO6/lO4XeFzfx+/qgF UvuumcvuANhL/mc2Tb44uJ63hEWzAxd/Wtft2o/4ttoLPSJO3MDixt8Va+MCtgIZLa8w a8qxmJs8odFaMOCC3/O7r/jVdyHtIth6bC9sg8exbctMGq9q89oe92AtbowZV1705cPd FD3MKOoIKFa1VcaBVsoAQQF/FMxCAFBfwj031ftqrH4Ywp3WpKM/6hGYmjIwHawgzsQ3 f2bYJQioe8Ur9kkyP1wIb9Ko07yz7dxIq47xek/qwwX0UXzJDBwF1uEkd9Q5fPkDN4yj 52uQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=Jv755KMyOZwrvTeksfmUV6p+gnvFh44dImEBT9jak+Y=; b=FsjnjISeJcm087qREkddyWbJoZN26sJppfFg8kmhcqZKjvMBNpOtJJwR/pHjd5wQkw 82KImNT4K24dARM6m4GF+4mgBKBkMkST4q7arZl0rBwbUULGdxgtcaU9ZwXSlGE2Uno9 fhlzTjKUjq3Lh/AbM4P1b4OkXD1V4D65ZXAALXyeKfe3Q+80vSdCf4MJNleXjPBZNybu yK/u74VpacGtoDoMKJgcq0cO70An8QuVEMWnaabzzwyBx/TKK4dCisiakPw6xOjPwMkP SL7t1q2ASmMmfo2OibiXce2+PpaUFVS+XbHmmqebmNnCGB4safRIT+nBP8Zis0DW/nl3 3xBA==
X-Gm-Message-State: AOPr4FXcSTnyygzLDYZHbRukYZdp+wy2semv2lcDSNWg1wIjoZLkv+UEvg2Y6e3hCu0gDzdQk9ECeE0jWmgClw==
MIME-Version: 1.0
X-Received: by 10.50.205.42 with SMTP id ld10mr2787014igc.17.1461419743095; Sat, 23 Apr 2016 06:55:43 -0700 (PDT)
Received: by 10.79.24.5 with HTTP; Sat, 23 Apr 2016 06:55:42 -0700 (PDT)
Received: by 10.79.24.5 with HTTP; Sat, 23 Apr 2016 06:55:42 -0700 (PDT)
In-Reply-To: <CAEwGkqANJa-dgsaqkN+UnxedsL2mf+eww_Swgeq5wVyrrrRq8Q@mail.gmail.com>
References: <571A3339.706@uni-trier.de> <8E6CA392-96B3-4DBE-8167-9FDD972A31A8@adobe.com> <571A36AE.5020105@uni-trier.de> <DEC7CA6F-5C6B-406F-97B8-0675D1A7D24F@adobe.com> <571A3860.90609@uni-trier.de> <4ea52uuwo0qag9ijskcke5mh.1461344868116@com.syntomo.email> <571B52B4.3060606@gtrs.de> <CAEayHEP8k4ZZxi5otPSUxhOgXuQ-7Z=O29hpCVkCYwnP3TjVTw@mail.gmail.com> <CAEwGkqDK-O_OMb9-y6vMbdRaD_bsCYc6UU7a66kAQsp82tb1Rg@mail.gmail.com> <CAEwGkqCF7+m8T5_bfJCUg0nKfTHpG4WcBPKvEE8-Z88bfqzgyA@mail.gmail.com> <CAEwGkqANJa-dgsaqkN+UnxedsL2mf+eww_Swgeq5wVyrrrRq8Q@mail.gmail.com>
Date: Sat, 23 Apr 2016 06:55:42 -0700
Message-ID: <CAEwGkqAJxhurWeA1Wu6JrWsK9m1JoAMN1jt9muSKoufGZZqjBA@mail.gmail.com>
From: André DeMarre <andredemarre@gmail.com>
To: OAuth WG <oauth@ietf.org>, Thomas Broyer <t.broyer@gmail.com>
Content-Type: multipart/alternative; boundary="bcaec501c05aa7b1050531274c27"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/Pu84qwJzvV8XiGaxwEnKKfmFgn8>
Subject: Re: [OAUTH-WG] State Leakage Attack
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Apr 2016 13:55:45 -0000
I overlooked that one-time use was suggested in the original report; sorry. I agree with the mitigation, and that client developers should be made aware. Andre DeMarre On Apr 23, 2016 6:51 AM, "André DeMarre" <andredemarre@gmail.com> wrote: A client that implements state values as one-time use would not be affected by this leakage. The state would be invalidated before it got leaked. Andre DeMarre On Apr 23, 2016 4:19 AM, "Thomas Broyer" <t.broyer@gmail.com> wrote: > > > On Sat, Apr 23, 2016 at 12:49 PM Guido Schmitz <g.schmitz@gtrs.de> wrote: > >> Hi Torsten, >> >> as the state value is supposed to protect the user agent's session >> against CSRF attacks, an attacker can use the leaked state value to >> perform a CSRF attack against this user agent. >> >> The attacker can, for example, redirect the user agent to the client's >> redirection endpoint (again) and by this, overwrite the previously >> performed authorization. When the client then contacts some RS (in the >> context of the user under attack), it may use an access token linked to >> the attacker's account (instead of an access token linked to the user's >> account) at the RS. The effects of such an attack are similar to a >> session swapping attack. The attacker does not need to access the >> session context directly (which may bound to the user agent), as he >> instructs the correct user agent to perform these actions. >> > > +1 > > This is briefly and indirectly touched in > https://tools.ietf.org/html/rfc6819#section-4.4.2.5 > > This will ensure that the client is not tricked into completing > any redirect callback unless it is linked to an authorization > request initiated by the client. > > But this is clearly not explicit (and could very well be just by luck); > note: the key here being "an authorization request initiated by the client". > > So, I agree about the validity of the attack and the suggested mitigation > (disclaimer: I'm in no way a security expert, only just a web dev), and I > haven't seen this attack described anywhere. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
- Re: [OAUTH-WG] State Leakage Attack John Bradley
- [OAUTH-WG] State Leakage Attack Daniel Fett
- Re: [OAUTH-WG] State Leakage Attack Antonio Sanso
- Re: [OAUTH-WG] State Leakage Attack Daniel Fett
- Re: [OAUTH-WG] State Leakage Attack Antonio Sanso
- Re: [OAUTH-WG] State Leakage Attack Daniel Fett
- Re: [OAUTH-WG] State Leakage Attack Daniel Fett
- Re: [OAUTH-WG] State Leakage Attack Antonio Sanso
- Re: [OAUTH-WG] State Leakage Attack torsten@lodderstedt.net
- Re: [OAUTH-WG] State Leakage Attack Guido Schmitz
- Re: [OAUTH-WG] State Leakage Attack Torsten Lodderstedt
- Re: [OAUTH-WG] State Leakage Attack Thomas Broyer
- Re: [OAUTH-WG] State Leakage Attack André DeMarre
- Re: [OAUTH-WG] State Leakage Attack Thomas Broyer
- Re: [OAUTH-WG] State Leakage Attack André DeMarre
- Re: [OAUTH-WG] State Leakage Attack Torsten Lodderstedt
- Re: [OAUTH-WG] State Leakage Attack Thomas Broyer
- Re: [OAUTH-WG] State Leakage Attack torsten@lodderstedt.net
- Re: [OAUTH-WG] State Leakage Attack John Bradley
- Re: [OAUTH-WG] State Leakage Attack Daniel Fett
- Re: [OAUTH-WG] State Leakage Attack Antonio Sanso
- Re: [OAUTH-WG] State Leakage Attack Daniel Fett
- Re: [OAUTH-WG] State Leakage Attack John Bradley
- Re: [OAUTH-WG] State Leakage Attack John Bradley
- Re: [OAUTH-WG] State Leakage Attack Torsten Lodderstedt