Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-45669: Merge pull request from GHSA-v9hx-v6vf-g36j · webauthn4j/webauthn4j-spring-security@129700d

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version 0.9.1.RELEASE. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE
#vulnerability#web#java#perl#auth#chrome

Expand Up

@@ -16,6 +16,7 @@

package e2e;

import com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService;

import com.webauthn4j.springframework.security.webauthn.sample.SampleSPA;

import e2e.page.AuthenticatorLoginComponent;

import e2e.page.PasswordLoginComponent;

Expand All

@@ -34,18 +35,24 @@

import org.openqa.selenium.support.ui.WebDriverWait;

import org.openqa.selenium.virtualauthenticator.HasVirtualAuthenticator;

import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.boot.test.context.SpringBootTest;

import org.springframework.test.context.junit4.SpringRunner;

import java.time.Duration;

import static org.assertj.core.api.Assertions.assertThat;

@RunWith(SpringRunner.class)

@SpringBootTest(classes = SampleSPA.class, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)

public class RegistrationAndAuthenticationE2ETest {

private WebDriver driver;

private WebDriverWait wait;

@Autowired

private WebAuthnAuthenticatorService webAuthnAuthenticatorService;

@BeforeClass

public static void setupClassTest() {

WebDriverManager.chromedriver().setup();

Expand Down Expand Up

@@ -86,8 +93,10 @@ public void test() {

signupComponent.waitRegisterClickable();

signupComponent.clickRegister();

// Password authentication

wait.until(ExpectedConditions.urlToBe(“http://localhost:8080/angular/login”));

long counterValueAtRegistrationPhase = webAuthnAuthenticatorService.loadAuthenticatorsByUserPrincipal(“[email protected]”).get(0).getCounter();

// Password authentication

PasswordLoginComponent passwordLoginComponent = new PasswordLoginComponent(driver);

passwordLoginComponent.setUsername(“[email protected]”);

passwordLoginComponent.setPassword(“password”);

Expand All

@@ -98,6 +107,10 @@ public void test() {

// nop

wait.until(ExpectedConditions.urlToBe(“http://localhost:8080/angular/profile”));

long counterValueAtAuthenticationPhase = webAuthnAuthenticatorService.loadAuthenticatorsByUserPrincipal(“[email protected]”).get(0).getCounter();

assertThat(counterValueAtAuthenticationPhase).isGreaterThan(counterValueAtRegistrationPhase);

ProfileComponent profileComponent = new ProfileComponent(driver);

}

Expand Down

Related news

GHSA-v9hx-v6vf-g36j: WebAuthn4J Spring Security Improper signature counter value handling

Improper signature counter value handling ### Impact A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. ### Patches Please upgrade to `com.webauthn4j:webauthn4j-spring-security-core:0.9.1.RELEASE` ### References For more details about WebAuthn signature counters, see [WebAuthn specification 6.1.1. Signature Counter Considerations](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter). ### Reporter This issue was discovered by Michael Budnick (@mbudnick)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907