Sing-box, a popular open-source proxy platform, contains an authentication bypass vulnerability in the affected versions. The flaw can give an unauthenticated client access to the proxy, which an attacker could use to relay further traffic or cause disruption. This post covers the details of CVE-2023-43644, shows a code snippet illustrating the issue, and recommends steps to mitigate it.

Vulnerability Details

CVE-2023-43644 exists in Sing-box because specially crafted requests sent to the proxy are not handled correctly. As a result, an attacker can bypass the authentication mechanism and gain unauthorized access to the proxy. All SOCKS5 inbounds configured with user authentication are affected.

The following simplified snippet illustrates the authentication check that is bypassed (it is an illustrative sketch, not Sing-box's own code):

function authenticate(socks5Request, clientConnection) {
  // Parse the incoming SOCKS5 request (parseSocks5Request and config are
  // assumed helpers in this sketch)
  const parsedRequest = parseSocks5Request(socks5Request);

  // Check if user authentication is required for this inbound
  if (config.userAuthRequired) {
    if (!parsedRequest.hasOwnProperty('username') || !parsedRequest.hasOwnProperty('password')) {
      // The request carries no credentials: reply "no acceptable methods"
      // (VER 0x05, METHOD 0xFF) and reject the request
      return clientConnection.send(Buffer.from([0x05, 0xFF]));
    }

    if (parsedRequest.username !== config.username || parsedRequest.password !== config.password) {
      // The provided credentials do not match the configured ones: reject the request
      return clientConnection.send(Buffer.from([0x05, 0xFF]));
    }
  }

  // Authentication successful, proceed with handling the request
}

The weakness is that a specially crafted request can sidestep the credential check guarded by config.userAuthRequired, so a client reaches the "authentication successful" path without ever presenting valid credentials.
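As an added example (not Sing-box's code, and not the JavaScript sketch above), the following Go functions show how a SOCKS5 inbound should enforce configured authentication at both handshake stages: the RFC 1928 method negotiation, where the server must never select "no authentication" when credentials are configured, and the RFC 1929 username/password sub-negotiation, which must be parsed strictly and compared in constant time. The function and constant names are chosen for this example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// RFC 1928 method codes and the RFC 1929 sub-negotiation version.
const socksVersion, methodNoAuth, methodUserPass, methodNoAccept, userPassVersion byte = 0x05, 0x00, 0x02, 0xFF, 0x01

// SelectMethod parses the greeting (VER, NMETHODS, METHODS...) and returns the
// method the server selects. With authRequired set only 0x02 is ever chosen; a
// greeting offering just 0x00, or a malformed one, gets 0xFF and never skips auth.
func SelectMethod(greeting []byte, authRequired bool) (byte, error) {
	if len(greeting) < 3 || greeting[0] != socksVersion || len(greeting) != 2+int(greeting[1]) {
		return methodNoAccept, errors.New("malformed greeting")
	}
	want := methodNoAuth
	if authRequired {
		want = methodUserPass
	}
	for _, m := range greeting[2:] {
		if m == want {
			return want, nil
		}
	}
	return methodNoAccept, errors.New("no acceptable method offered")
}

// VerifyUserPass checks an RFC 1929 request (VER, ULEN, UNAME, PLEN, PASSWD)
// against the configured credentials; every length is validated before use and
// both fields are compared in constant time.
func VerifyUserPass(req []byte, user, pass string) bool {
	if len(req) < 3 || req[0] != userPassVersion {
		return false
	}
	ulen := int(req[1])
	if len(req) < 3+ulen || len(req) != 3+ulen+int(req[2+ulen]) {
		return false
	}
	u, p := req[2:2+ulen], req[3+ulen:]
	return subtle.ConstantTimeCompare(u, []byte(user))&subtle.ConstantTimeCompare(p, []byte(pass)) == 1
}

func main() {
	// Constructed greeting that offers only "no authentication" to an auth-required inbound.
	m, err := SelectMethod([]byte{0x05, 0x01, 0x00}, true)
	fmt.Printf("selected=0x%02X err=%v\n", m, err)
}
```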

Exploit Details

An attacker can exploit this vulnerability by sending a specially crafted SOCKS5 request that bypasses the authentication step. A client that gets past authentication can use the proxy as any legitimate user could, which allows further attacks through the proxy or disruption of the proxy environment.

1.5.-rc.4

2. If you are unable to update Sing-box, ensure that the SOCKS5 inbound is not reachable from untrusted networks (for example, bind it only to a trusted interface or restrict access with firewall rules).

For more information on Sing-box and the latest updates, please refer to the official Sing-box GitHub repository.

Conclusion

CVE-2023-43644 is a critical vulnerability in the Sing-box open-source proxy platform that allows attackers to bypass its SOCKS5 authentication and potentially compromise the system. Users are advised to update to the latest Sing-box version or, failing that, to isolate the affected inbound from untrusted networks. Keeping software up to date and following network security best practices helps protect against vulnerabilities of this kind.

Timeline

Published on: 09/25/2023 20:15:11 UTC
Last modified on: 09/26/2023 15:45:28 UTC