CVE-2022-31142: Merge pull request from GHSA-376v-xgjx-7mfr · fastify/fastify-bearer-auth@f921a05
@fastify/bearer-auth is a Fastify plugin that requires a bearer Authorization header on incoming requests. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not use crypto.timingSafeEqual securely: because the call throws when the two inputs differ in length, a comparison against a token of the wrong length fails measurably faster, so a malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, a bearer token consists only of characters valid in base64, which further reduces the character range a brute-force attack has to cover. Versions 7.0.2 and 8.0.1 of @fastify/bearer-auth contain a patch. There are currently no known workarounds. The package fastify-bearer-auth, which covers versions 6.0.3 and prior, is also vulnerable starting at version 5.0.1. Users of fastify-bearer-auth should upgrade to a patched version of @fastify/bearer-auth.
@@ -18,6 +18,13 @@ function verifyBearerAuthFactory (options) { if (_options.keys instanceof Set) _options.keys = Array.from(_options.keys) const { keys, errorResponse, contentType, bearerType, auth, addHook = true, verifyErrorLogLevel = ‘error’ } = _options
for (let i = 0, il = keys.length; i < il; ++i) { if (typeof keys[i] !== ‘string’) { throw new Error(‘options.keys has to contain only string entries’) } keys[i] = Buffer.from(keys[i]) }
return function verifyBearerAuth (request, reply, done) { const header = request.raw.headers.authorization if (!header) { @@ -89,17 +96,19 @@ function verifyBearerAuthFactory (options) { }
function authenticate (keys, key) { return keys.findIndex((a) => compare(a, key)) !== -1 const b = Buffer.from(key) return keys.findIndex((a) => compare(a, b)) !== -1 }
// perform constant-time comparison to prevent timing attacks function compare (a, b) { try { // may throw if they have different length, can’t convert to Buffer, etc… return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b)) } catch { if (a.length !== b.length) { // Delay return with cryptographically secure timing check. crypto.timingSafeEqual(a, a) return false }
return crypto.timingSafeEqual(a, b) }
function plugin (fastify, options, done) {
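Review bot: the conversion loop in the first hunk assigns `keys[i] = Buffer.from(keys[i])` in place, and since `keys` is destructured straight from `_options`, an `options.keys` passed as a plain array (the Set case is already copied by `Array.from`) has the caller's own array rewritten into Buffers. Prefer building a fresh array after the string check, e.g. `const keys = _options.keys.map((k) => Buffer.from(k))`, so the plugin never alters the object it was configured with. The new string-type check is worth keeping and deserves a line in the option docs stating that `keys` entries must be strings.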
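Review bot: in the second hunk the unequal-length branch of `compare` now spends its time on `crypto.timingSafeEqual(a, a)` instead of failing fast from the removed `try/catch`, which is what closes the length oracle the advisory describes; add a comment saying the self-comparison is there to match the cost of the equal-length path, otherwise it reads as a no-op. Two points to confirm: with the `try/catch` gone, `Buffer.from(key)` in `authenticate` will throw rather than return false if `key` is ever not a string, so the header parsing above must guarantee a string before this call; and `keys.findIndex` still returns on the first match, so with several configured keys the response time still depends on the matched key's position. If that residual difference matters, iterate over all keys and accumulate the result instead of stopping early.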
Related news
### Impact

fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack.

All versions of fastify-bearer-auth are also affected.

### Patches

We released:

* v8.0.1 with a fix for the Fastify v4 line
* v7.0.2 with a fix for the Fastify v3 line

### Workarounds

There are no workarounds. Update your dependencies.

### References

https://hackerone.com/reports/1633287

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [https://github.com/fastify/fastify-bearer-auth](https://github.com/fastify/fastify-bearer-auth)
* Email us at [[email protected]](mailto:[email protected])