CVE-2023-46809: Node.js Versions Vulnerable to Marvin Attack via Unpatched OpenSSL and PKCS #1 v1.5 Padding in RSA Decryption
Hello everyone! Today, we will be discussing a critical security vulnerability that affects Node.js versions that bundle unpatched versions of OpenSSL or run against a dynamically linked version of OpenSSL with the CVE-2023-46809 identifier. This vulnerability exposes applications to the Marvin Attack (https://people.redhat.com/~hkario/marvin/), particularly when PKCS # 1 v1.5 padding is allowed while performing RSA decryption with a private key.
Overview of the Marvin Attack
The Marvin Attack is a recently discovered vulnerability in the OpenSSL library, which is a widely used cryptographic library for SSL/TLS protocols. This vulnerability affects OpenSSL's implementation of RSA decryption using PKCS #1 v1.5 padding, which can lead to various security exploits such as sensitive data leakages and remote code execution.
The attack is named after the "Marvin the Martian" character from Looney Tunes due to the unexpected behavior it triggers in the implementations that should be, theoretically, secure.
Code Snippet for Vulnerable RSA Decryption
Here is an example of a vulnerable code snippet that uses OpenSSL to perform RSA decryption with PKCS #1 v1.5 padding:
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/pem.h>
int main() {
RSA *private_key = load_private_key_from_file("private_key.pem");
unsigned char encrypted_data[] = { ... };
size_t encrypted_data_len = sizeof(encrypted_data);
unsigned char decrypted_data[512];
int padding = RSA_PKCS1_PADDING;
int decrypted_data_len = RSA_private_decrypt(
encrypted_data_len,
encrypted_data,
decrypted_data,
private_key,
padding
);
if (decrypted_data_len == -1) {
ERR_print_errors_fp(stderr);
} else {
printf("Successful decryption. Decrypted data: %s\n", decrypted_data);
}
return ;
}
In the above code snippet, the RSA decryption is performed using PKCS #1 v1.5 padding. If the OpenSSL library used is unpatched, this code is vulnerable to the Marvin Attack.
Node.js versions that bundle an unpatched version of OpenSSL.
2. Node.js versions that run against a dynamically linked version of OpenSSL, and the linked OpenSSL library is unpatched.
To check if your Node.js and OpenSSL versions are vulnerable, you can run the following commands
node -v
openssl version -a
If you see an unpatched version of OpenSSL (less than 1..2za, 1.1.1m, or 3..1), your Node.js installation may be susceptible to the Marvin Attack when using PKCS #1 v1.5 padding in RSA decryption.
To protect your applications from the Marvin Attack, we recommend the following actions
1. Update your Node.js installation to the latest version, which bundles a patched version of OpenSSL. You can find the most recent releases on the official Node.js website (https://nodejs.org/en/download/releases/).
2. If your Node.js installation uses a dynamically linked OpenSSL library, update the OpenSSL library to a patched version (at least 1..2za, 1.1.1m, or 3..1) as outlined in the OpenSSL security advisory (https://www.openssl.org/news/secadv/20211214.txt).
3. Consider switching from PKCS #1 v1.5 padding to a more secure padding scheme like OAEP (Optimal Asymmetric Encryption Padding) when performing RSA decryption.
Stay safe and ensure that your Node.js applications are running with the latest security patches to avoid any potential exploits related to the CVE-2023-46809 vulnerability!
Timeline
Published on: 09/07/2024 16:15:02 UTC
Last modified on: 09/09/2024 18:35:01 UTC