Api watchlist token should be compared in constant time
Closed, ResolvedPublic

Description

The token comparison in ApiBase::getWatchlistUser() isn't constant time, so a timing attack is theoretically possible.


Patch:

  • 1.25 - same as master ()
  • 1.24 - same as master ()
  • 1.23 - (include hash_equals)

Affected Versions:
Type: csrf
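As an added illustration (not the MediaWiki patch itself), this is how the flaw described above is closed: a `hash_equals()` fallback for PHP releases that predate the built-in function, used in place of a plain `===` on the token. The function name `checkWatchlistToken` and the sample token are constructed for this example.

```php
<?php
// Added example, not MediaWiki code. Polyfill hash_equals() where PHP lacks it (before 5.6),
// which is why the thread notes the 1.23 backport had to carry the fallback along.
if ( !function_exists( 'hash_equals' ) ) {
    /**
     * Compare two strings in time that depends only on strlen( $known ),
     * never on the position of the first differing byte.
     */
    function hash_equals( $known, $user ) {
        if ( !is_string( $known ) || !is_string( $user ) ) {
            return false;
        }
        $knownLen = strlen( $known );
        if ( $knownLen !== strlen( $user ) ) {
            return false;
        }
        $result = 0;
        for ( $i = 0; $i < $knownLen; $i++ ) {
            // OR together the XOR of every byte pair; stays 0 only if all bytes match.
            $result |= ord( $known[$i] ) ^ ord( $user[$i] );
        }
        return $result === 0;
    }
}

/**
 * Hypothetical stand-in for the watchlist token check.
 * Vulnerable pattern: `$stored === $supplied`, which returns as soon as a byte differs.
 * Hardened pattern: hash_equals() with the stored (secret) value as the first argument.
 */
function checkWatchlistToken( $storedToken, $suppliedToken ) {
    return hash_equals( $storedToken, (string)$suppliedToken );
}

// Constructed sample values.
$stored = 'a1b2c3d4e5f60718293a4b5c6d7e8f90';
var_dump( checkWatchlistToken( $stored, 'a1b2c3d4e5f60718293a4b5c6d7e8f90' ) );
var_dump( checkWatchlistToken( $stored, 'a1b2c3d4e5f60718293a4b5c6d7e8f9X' ) );
var_dump( checkWatchlistToken( $stored, null ) );
```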

csteipp created this task. Mar 26 2015, 11:02 PM
csteipp added a project: Security.
csteipp changed the visibility from "Public (No Login Required)" to "Custom Policy".
csteipp changed the edit policy from "All Users" to "Custom Policy".
csteipp changed Security from None to Software security bug.
csteipp added subscribers: csteipp, Anomie.
Restricted Application added a subscriber: Aklapper. Mar 26 2015, 11:02 PM
Anomie claimed this task. (Edited) Mar 27 2015, 3:53 PM

+1.

The hash_equals fallback was only added in 1.24 (b9e1d5f5c066a26f115eac69e268a98e6591d121), so it'll also have to be backported to 1.23 and 1.19...

+2? Anything else that needs to be done to get this deployed?

Slipped off my radar. Patch looks good to me.

@mmodell, can you deploy this and confirm when it's on the cluster?

csteipp added a parent task: Restricted Task. Jun 11 2015, 9:57 PM
csteipp closed this task as "Resolved". Jul 8 2015, 8:57 PM

20:53 csteipp: deployed patch for T94116 for wmf12/wmf13

demon added a subscriber: demon. Aug 10 2015, 7:38 PM

Patch for REL1_23 that includes backport of hash_equals(). Existing patch above already applies cleanly to 1.24, 1.25 and master.

csteipp edited the task description. Aug 10 2015, 8:18 PM
csteipp added a project: Vuln-CSRF.
csteipp changed the visibility from "Custom Policy" to "Public (No Login Required)". Aug 10 2015, 10:00 PM
csteipp changed the edit policy from "Custom Policy" to "All Users".
csteipp changed Security from Software security bug to None.

Change 230665 had a related patch set uploaded (by Chad):
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230665

Change 230669 had a related patch set uploaded (by Chad):
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230669

Change 230673 had a related patch set uploaded (by Chad):
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230673

Change 230673 merged by jenkins-bot:
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230673

Change 230669 merged by jenkins-bot:
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230669

Change 230665 merged by jenkins-bot:
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230665

Change 230774 had a related patch set uploaded (by Chad):
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230774

Change 230774 merged by jenkins-bot:
SECURITY: API: Use constant-time comparison for watchlist token

https://gerrit.wikimedia.org/r/230774

CVE-2015-6728 was assigned for this.