CVE-2023-32762 - Security Vulnerability in Qt Network: HSTS Header Parsing Issue Allows Unencrypted Connections
A critical security vulnerability (CVE-2023-32762) has been discovered in Qt Network, a widely-used network programming framework for cross-platform applications. If left unpatched, this vulnerability can allow an attacker to establish unencrypted connections with a server, even when the server explicitly prohibits such connections.
The Issue
The issue lies in how Qt Network parses the strict-transport-security (HSTS) header. If the case used for the header does not exactly match, the framework would incorrectly parse it, leading to connections made in plaintext even if the server disallows it.
Exploit Details
Let's consider a scenario where a server has explicitly set the HSTS header, specifying that it does not allow unencrypted connections. Here's an example of the header value:
Strict-Transport-Security: max-age=31536000
However, if the header is sent with a different case, such as sTrict-TrAnspORt-SecUrITY, Qt Network would fail to recognize it and allow unencrypted connections to be established, thus making the server vulnerable to man-in-the-middle attacks.
The following code snippet demonstrates how this issue can be exploited
#include <QtNetwork/QNetworkAccessManager>
#include <QtNetwork/QNetworkRequest>
#include <QtNetwork/QNetworkReply>
#include <QUrl>
int main(int argc, char *argv[]) {
QCoreApplication a(argc, argv);
QNetworkAccessManager manager;
QNetworkRequest request(QUrl("https://vulnerable.server.com/";));
// Here's the malformed HSTS header
request.setRawHeader("sTrict-TrAnspORt-SecUrITY", "max-age=31536000");
QNetworkReply *reply = manager.get(request);
QObject::connect(reply, QOverload<QNetworkReply::NetworkError>::of(&QNetworkReply::error),
[](QNetworkReply::NetworkError code) {
qDebug() << "Error:" << code;
});
QObject::connect(reply, &QNetworkReply::finished,
[reply]() {
qDebug() << "Received:" << reply->readAll();
reply->deleteLater();
QCoreApplication::quit();
});
return a.exec();
}
Solution
To mitigate this vulnerability and protect your applications, it is strongly recommended to upgrade to the following versions of Qt with the security patch:
Original References
You can find more information about the vulnerability and the corresponding security advisory on the official Qt website:
- CVE-2023-32762 Security Advisory
- Qt Blog Post on the Security Update
- NIST National Vulnerability Database Entry
Conclusion
By addressing this vulnerability in Qt Network's HSTS header parsing, you can ensure that your applications stay secure and do not inadvertently allow unencrypted connections with the servers. It is important to keep your software up-to-date and follow security best practices to minimize the risk of being attacked.
Timeline
Published on: 05/28/2023 23:15:00 UTC
Last modified on: 06/03/2023 03:57:00 UTC