XML signature HMAC truncation authentication bypass

2009-07-14T00:00:00
ID VU:466161
Type cert
Reporter CERT
Modified 2009-08-05T00:00:00

Description

Overview

The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication.

Description

XML Signature Syntax and Processing (XMLDsig) is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services for data. XMLDsig is commonly used by web services such as SOAP. The XMLDsig recommendation includes support for HMAC truncation, as specified in RFC2104. However, the XMLDsig specification does not follow the RFC2104 recommendation to not allow truncation to less than half of the length of the hash output or less than 80 bits. When HMAC truncation is under the control of an attacker this can result in an effective authentication bypass. For example, by specifying an HMACOutputLength of 1, only one bit of the signature is verified. This can allow an attacker to forge an XML signature that will be accepted as valid.


Impact

This vulnerability can allow an attacker to bypass the authentication mechanism provided by the XML Signature specification.


Solution

Apply an update

Please check with your vendor for available updates. Erratum E03 for the XMLDsig recommendation has been added, which specifies minimum values for HMAC truncation.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Apache XML Security| | -| 14 Jul 2009
Apple Inc.| | 09 Jul 2009| 10 Jul 2009
Debian GNU/Linux| | 09 Jul 2009| 14 Jul 2009
IBM Corporation| | 09 Jul 2009| 14 Jul 2009
Mono-Project| | -| 10 Jul 2009
Oracle Corporation| | -| 13 Jul 2009
RSA Security, Inc.| | -| 14 Jul 2009
Sun Microsystems, Inc.| | 09 Jul 2009| 05 Aug 2009
XML Security Library| | -| 10 Jul 2009
Force10 Networks, Inc.| | 09 Jul 2009| 14 Jul 2009
m0n0wall| | 09 Jul 2009| 10 Jul 2009
PePLink| | 09 Jul 2009| 20 Jul 2009
Q1 Labs| | 09 Jul 2009| 10 Jul 2009
The SCO Group| | 09 Jul 2009| 13 Jul 2009
VMware| | 09 Jul 2009| 14 Jul 2009
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.w3.org/2008/06/xmldsigcore-errata.html#e03>
  • <http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html>
  • <http://www.rsa.com/blog/blog_entry.aspx?id=1492>
  • <http://www.w3.org/TR/xmldsig-core/>
  • <http://www.w3.org/TR/xmldsig-core/#sec-HMAC>
  • <http://tools.ietf.org/html/rfc2104#section-5>
  • <http://www.oasis-open.org/specs/index.php#wss>
  • <http://www.w3.org/2000/xp/Group/>
  • <http://msdn.microsoft.com/en-us/library/ms996502.aspx>
  • http://www.ibm.com/support/docview.wss?rs=180&uid;=swg21384925
  • <http://santuario.apache.org/download.html>
  • <http://www.mono-project.com/Vulnerabilities>
  • <http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html>
  • <http://www.aleksey.com/xmlsec/downloads.html>
  • <http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161>
  • <http://rdist.root.org/2009/07/19/xmldsig-welcomes-all-signatures/>

Credit

Thanks to Thomas Roessler of the W3C for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2009-0217
  • Date Public: 14 Jul 2009
  • Date First Published: 14 Jul 2009
  • Date Last Updated: 05 Aug 2009
  • Severity Metric: 8.16
  • Document Revision: 28