GHSA-V9HX-V6VF-G36J

Vulnerability from github – Published: 2023-10-17 13:23 – Updated: 2023-10-17 13:23
VLAI?
Summary
WebAuthn4J Spring Security Improper signature counter value handling
Details

Improper signature counter value handling

Impact

A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected.

Patches

Please upgrade to com.webauthn4j:webauthn4j-spring-security-core:0.9.1.RELEASE

References

For more details about WebAuthn signature counters, see WebAuthn specification 6.1.1. Signature Counter Considerations.

Reporter

This issue was discovered by Michael Budnick (@mbudnick)

Severity ?
4.8 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.webauthn4j:webauthn4j-spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.1.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-45669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-17T13:23:20Z",
    "nvd_published_at": "2023-10-16T19:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Improper signature counter value handling\n\n### Impact\n\nA flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work.\nAn attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected.\n\n### Patches\n\nPlease upgrade to `com.webauthn4j:webauthn4j-spring-security-core:0.9.1.RELEASE`\n\n\n### References\n\nFor more details about WebAuthn signature counters, see [WebAuthn specification 6.1.1. Signature Counter Considerations](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter).\n\n### Reporter\n\nThis issue was discovered by Michael Budnick (@mbudnick)\n",
  "id": "GHSA-v9hx-v6vf-g36j",
  "modified": "2023-10-17T13:23:20Z",
  "published": "2023-10-17T13:23:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45669"
    },
    {
      "type": "WEB",
      "url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/webauthn4j/webauthn4j-spring-security"
    },
    {
      "type": "WEB",
      "url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "WebAuthn4J Spring Security Improper signature counter value handling"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.