A recently discovered vulnerability, CVE-2024-21484, affects earlier versions of the popular JavaScript library jsrsasign. jsrsasign is widely used for cryptographic operations, including signing, decryption, and encryption. The vulnerability stems from an observable discrepancy in the RSA PKCS#1 v1.5 and RSAOAEP decryption processes, which puts JavaScript applications at risk. An attacker with access to a large number of ciphertexts encrypted with the same key can exploit it to decrypt those ciphertexts, compromising the security and integrity of the encrypted data.

@jsrsasign/observable-discrepancy-rsa-decryption

Affected Versions

The vulnerable package is jsrsasign, and the affected versions are earlier than 11...

Exploit Details

The issue arises from an observable discrepancy in the RSA PKCS#1 v1.5 and RSAOAEP decryption processes. This discrepancy exposes the library to the Marvin security flaw, which lets an attacker decrypt ciphertexts that were encrypted with the same key. Consequently, the confidentiality and security of encrypted data within the application are compromised.

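To better understand the issue, let's take a look at a code snippet that calls RSA decryption in a vulnerable version of jsrsasign:

const rs = require('jsrsasign');

// RSA decryption needs the private key (PEM body elided).
const privateKeyPem = '-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----';
const privateKey = rs.KEYUTIL.getKey(privateKeyPem);

// Hex-encoded ciphertext.
const encryptedData = 'F78235F86C679546C5A653C57E29AD27';

// 'RSA' selects PKCS#1 v1.5 padding; 'RSAOAEP' selects OAEP. Both are affected.
const decryptedData = rs.KJUR.crypto.Cipher.decrypt(encryptedData, privateKey, 'RSA');

console.log('Decrypted Data:', decryptedData);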

For more information, consult the following original references:

- CVE-2024-21484: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484
- Marvin security flaw: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/weis01.pdf

Workaround

As a temporary workaround to mitigate this vulnerability, you can replace RSA and RSAOAEP decryption implementations with another crypto library. For instance, you could use the 'node-forge' library, which provides an alternative implementation of RSA encryption and decryption.

Here is an example of how to replace jsrsasign with the 'node-forge' library for RSA decryption:

const forge = require('node-forge');
const fs = require('fs');

// Decryption uses the RSA private key, not the public key.
const privateKeyPem = fs.readFileSync('private_key.pem', 'utf8');
const encryptedData = 'F78235F86C679546C5A653C57E29AD27'; // hex-encoded ciphertext

const privateKey = forge.pki.privateKeyFromPem(privateKeyPem);

// forge works on binary strings, so convert the hex ciphertext first.
const encryptedBytes = forge.util.hexToBytes(encryptedData);

// Returns the plaintext as a binary-encoded string.
const decryptedMessage = privateKey.decrypt(encryptedBytes, 'RSAES-PKCS1-V1_5');

console.log('Decrypted Data:', decryptedMessage);

In summary, developers using jsrsasign for RSA decryption should consider assessing the underlying risks and updating their implementation to mitigate CVE-2024-21484. Updating to version 11.. or later or adopting a different crypto library for RSA decryption is highly recommended to fortify your JavaScript applications against potential security threats.

Timeline

Published on: 01/22/2024 05:15:08 UTC
Last modified on: 03/06/2024 14:15:47 UTC